Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
M5vARlA2c4.exe

Overview

General Information

Sample name:M5vARlA2c4.exe
renamed because original name is a hash value
Original sample name:022acabaf8af0e28844b01f4929ee95c.exe
Analysis ID:1390286
MD5:022acabaf8af0e28844b01f4929ee95c
SHA1:b0096d8c5d45cb7e9e0b3df0b5be5c92669530dc
SHA256:e76ea7b90a900ed00f982ceeff3e6b1f08956f08f8e00daf59c140f51d0deb2c
Tags:exenjratRAT
Infos:

Detection

Njrat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Njrat
.NET source code contains potential unpacker
Disables zone checking for all users
Drops PE files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Yara signature match

Classification

Process Tree

  • System is w10x64
  • M5vARlA2c4.exe (PID: 6720 cmdline: C:\Users\user\Desktop\M5vARlA2c4.exe MD5: 022ACABAF8AF0E28844B01F4929EE95C)
  • M5vARlA2c4.exe (PID: 6340 cmdline: "C:\Users\user\Desktop\M5vARlA2c4.exe" .. MD5: 022ACABAF8AF0E28844B01F4929EE95C)
  • M5vARlA2c4.exe (PID: 2996 cmdline: "C:\Users\user\Desktop\M5vARlA2c4.exe" .. MD5: 022ACABAF8AF0E28844B01F4929EE95C)
  • M5vARlA2c4.exe (PID: 6460 cmdline: "C:\Users\user\Desktop\M5vARlA2c4.exe" .. MD5: 022ACABAF8AF0E28844B01F4929EE95C)
  • Java update.exe (PID: 6168 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe" MD5: 022ACABAF8AF0E28844B01F4929EE95C)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
NjRATRedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.
  • AQUATIC PANDA
  • Earth Lusca
  • Operation C-Major
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat

Malware Configuration

Threatname: Njrat

{"Install Dir": "TEMP", "Install Name": "Dllhost.exe", "Startup": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Campaign ID": "HacKed", "Version": "Njrat 0.7 Golden By Hassan Amiri", "Network Seprator": "|Hassan|", "Mutex": "Windows Update", "Install Flag": "True"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
M5vARlA2c4.exeJoeSecurity_NjratYara detected NjratJoe Security
    M5vARlA2c4.exeWindows_Trojan_Njrat_30f3c220unknownunknown
    • 0x7cbd:$a1: get_Registry
    • 0x93e6:$a2: SEE_MASK_NOZONECHECKS
    • 0x91f6:$a3: Download ERROR
    • 0x960e:$a4: cmd.exe /c ping 0 -n 2 & del "
    M5vARlA2c4.exeCN_disclosed_20180208_cDetects malware from disclosed CN malware setFlorian Roth
    • 0x960e:$x1: cmd.exe /c ping 0 -n 2 & del "
    • 0x949c:$x2: schtasks /create /sc minute /mo 1 /tn Server /tr
    • 0x9090:$x3: www.upload.ee/image/
    • 0x90e8:$x3: www.upload.ee/image/
    • 0x9144:$x3: www.upload.ee/image/
    • 0x8d8e:$s1: winmgmts:\\.\root\SecurityCenter2
    • 0x9484:$s2: /Server.exe
    • 0x9218:$s3: Executed As
    • 0x724d:$s5: Stub.exe
    • 0x91f6:$s6: Download ERROR
    • 0x8eb4:$s7: shutdown -r -t 00
    • 0x8d50:$s8: Select * From AntiVirusProduct
    M5vARlA2c4.exeNjratdetect njRAT in memoryJPCERT/CC Incident Response Group
    • 0x93e6:$reg: SEE_MASK_NOZONECHECKS
    • 0x91d2:$msg: Execute ERROR
    • 0x9232:$msg: Execute ERROR
    • 0x960e:$ping: cmd.exe /c ping 0 -n 2 & del

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeJoeSecurity_NjratYara detected NjratJoe Security
      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeWindows_Trojan_Njrat_30f3c220unknownunknown
      • 0x7cbd:$a1: get_Registry
      • 0x93e6:$a2: SEE_MASK_NOZONECHECKS
      • 0x91f6:$a3: Download ERROR
      • 0x960e:$a4: cmd.exe /c ping 0 -n 2 & del "
      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeCN_disclosed_20180208_cDetects malware from disclosed CN malware setFlorian Roth
      • 0x960e:$x1: cmd.exe /c ping 0 -n 2 & del "
      • 0x949c:$x2: schtasks /create /sc minute /mo 1 /tn Server /tr
      • 0x9090:$x3: www.upload.ee/image/
      • 0x90e8:$x3: www.upload.ee/image/
      • 0x9144:$x3: www.upload.ee/image/
      • 0x8d8e:$s1: winmgmts:\\.\root\SecurityCenter2
      • 0x9484:$s2: /Server.exe
      • 0x9218:$s3: Executed As
      • 0x724d:$s5: Stub.exe
      • 0x91f6:$s6: Download ERROR
      • 0x8eb4:$s7: shutdown -r -t 00
      • 0x8d50:$s8: Select * From AntiVirusProduct
      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeNjratdetect njRAT in memoryJPCERT/CC Incident Response Group
      • 0x93e6:$reg: SEE_MASK_NOZONECHECKS
      • 0x91d2:$msg: Execute ERROR
      • 0x9232:$msg: Execute ERROR
      • 0x960e:$ping: cmd.exe /c ping 0 -n 2 & del

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000000.1635018211.0000000000192000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_NjratYara detected NjratJoe Security
        00000000.00000000.1635018211.0000000000192000.00000002.00000001.01000000.00000003.sdmpWindows_Trojan_Njrat_30f3c220unknownunknown
        • 0x7abd:$a1: get_Registry
        • 0x91e6:$a2: SEE_MASK_NOZONECHECKS
        • 0x8ff6:$a3: Download ERROR
        • 0x940e:$a4: cmd.exe /c ping 0 -n 2 & del "
        00000000.00000000.1635018211.0000000000192000.00000002.00000001.01000000.00000003.sdmpNjratdetect njRAT in memoryJPCERT/CC Incident Response Group
        • 0x91e6:$reg: SEE_MASK_NOZONECHECKS
        • 0x8fd2:$msg: Execute ERROR
        • 0x9032:$msg: Execute ERROR
        • 0x940e:$ping: cmd.exe /c ping 0 -n 2 & del
        00000000.00000002.4095165633.0000000002671000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_NjratYara detected NjratJoe Security
          Process Memory Space: M5vARlA2c4.exe PID: 6720JoeSecurity_NjratYara detected NjratJoe Security
            Click to see the 3 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.0.M5vARlA2c4.exe.190000.0.unpackJoeSecurity_NjratYara detected NjratJoe Security
              0.0.M5vARlA2c4.exe.190000.0.unpackWindows_Trojan_Njrat_30f3c220unknownunknown
              • 0x7cbd:$a1: get_Registry
              • 0x93e6:$a2: SEE_MASK_NOZONECHECKS
              • 0x91f6:$a3: Download ERROR
              • 0x960e:$a4: cmd.exe /c ping 0 -n 2 & del "
              0.0.M5vARlA2c4.exe.190000.0.unpackCN_disclosed_20180208_cDetects malware from disclosed CN malware setFlorian Roth
              • 0x960e:$x1: cmd.exe /c ping 0 -n 2 & del "
              • 0x949c:$x2: schtasks /create /sc minute /mo 1 /tn Server /tr
              • 0x9090:$x3: www.upload.ee/image/
              • 0x90e8:$x3: www.upload.ee/image/
              • 0x9144:$x3: www.upload.ee/image/
              • 0x8d8e:$s1: winmgmts:\\.\root\SecurityCenter2
              • 0x9484:$s2: /Server.exe
              • 0x9218:$s3: Executed As
              • 0x724d:$s5: Stub.exe
              • 0x91f6:$s6: Download ERROR
              • 0x8eb4:$s7: shutdown -r -t 00
              • 0x8d50:$s8: Select * From AntiVirusProduct
              0.0.M5vARlA2c4.exe.190000.0.unpackNjratdetect njRAT in memoryJPCERT/CC Incident Response Group
              • 0x93e6:$reg: SEE_MASK_NOZONECHECKS
              • 0x91d2:$msg: Execute ERROR
              • 0x9232:$msg: Execute ERROR
              • 0x960e:$ping: cmd.exe /c ping 0 -n 2 & del

              Sigma Signatures

              System Summary

              barindex
              Sigma detected: CurrentVersion Autorun Keys Modification
              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\Desktop\M5vARlA2c4.exe" .., EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\M5vARlA2c4.exe, ProcessId: 6720, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update
              Sigma detected: Startup Folder File Write
              Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\M5vARlA2c4.exe, ProcessId: 6720, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe
              Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\Desktop\M5vARlA2c4.exe" .., EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\M5vARlA2c4.exe, ProcessId: 6720, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Update

              Snort Signatures

              Timestamp:192.168.2.43.68.171.11949736169922815696 02/11/24-06:47:39.675578
              SID:2815696
              Source Port:49736
              Destination Port:16992
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949736169922825563 02/11/24-06:47:39.874632
              SID:2825563
              Source Port:49736
              Destination Port:16992
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949729169922033132 02/11/24-06:47:01.754129
              SID:2033132
              Source Port:49729
              Destination Port:16992
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949736169922033132 02/11/24-06:47:39.675578
              SID:2033132
              Source Port:49736
              Destination Port:16992
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949729169922825564 02/11/24-06:47:33.737666
              SID:2825564
              Source Port:49729
              Destination Port:16992
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949736169922825564 02/11/24-06:50:02.578895
              SID:2825564
              Source Port:49736
              Destination Port:16992
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949729169922815696 02/11/24-06:47:01.754129
              SID:2815696
              Source Port:49729
              Destination Port:16992
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.452.28.247.25549738169922033132 02/11/24-06:50:07.531136
              SID:2033132
              Source Port:49738
              Destination Port:16992
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949729169922825563 02/11/24-06:47:01.954776
              SID:2825563
              Source Port:49729
              Destination Port:16992
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.452.28.247.25549738169922815696 02/11/24-06:50:07.531136
              SID:2815696
              Source Port:49738
              Destination Port:16992
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.452.28.247.25549738169922825564 02/11/24-06:50:56.577061
              SID:2825564
              Source Port:49738
              Destination Port:16992
              Protocol:TCP
              Classtype:A Network Trojan was detected

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus / Scanner detection for submitted sample
              Source: M5vARlA2c4.exeAvira: detected
              Antivirus detection for dropped file
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeAvira: detection malicious, Label: TR/Dropper.Gen7
              Found malware configuration
              Source: 0.0.M5vARlA2c4.exe.190000.0.unpackMalware Configuration Extractor: Njrat {"Install Dir": "TEMP", "Install Name": "Dllhost.exe", "Startup": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Campaign ID": "HacKed", "Version": "Njrat 0.7 Golden By Hassan Amiri", "Network Seprator": "|Hassan|", "Mutex": "Windows Update", "Install Flag": "True"}
              Multi AV Scanner detection for domain / URL
              Source: 6.tcp.eu.ngrok.ioVirustotal: Detection: 12%Perma Link
              Multi AV Scanner detection for dropped file
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeReversingLabs: Detection: 84%
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeVirustotal: Detection: 84%Perma Link
              Multi AV Scanner detection for submitted file
              Source: M5vARlA2c4.exeReversingLabs: Detection: 84%
              Source: M5vARlA2c4.exeVirustotal: Detection: 84%Perma Link
              Yara detected Njrat
              Source: Yara matchFile source: M5vARlA2c4.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.M5vARlA2c4.exe.190000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000000.1635018211.0000000000192000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.4095165633.0000000002671000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: M5vARlA2c4.exe PID: 6720, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: M5vARlA2c4.exe PID: 6340, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: M5vARlA2c4.exe PID: 2996, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: Java update.exe PID: 6168, type: MEMORYSTR
              Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPED
              Machine Learning detection for dropped file
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeJoe Sandbox ML: detected
              Machine Learning detection for sample
              Source: M5vARlA2c4.exeJoe Sandbox ML: detected
              Source: M5vARlA2c4.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: M5vARlA2c4.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

              Networking

              barindex
              Snort IDS alert for network traffic
              Source: TrafficSnort IDS: 2815696 ETPRO TROJAN Win32.FrauDrop.akljo Backdoor Beacon 192.168.2.4:49729 -> 3.68.171.119:16992
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49729 -> 3.68.171.119:16992
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49729 -> 3.68.171.119:16992
              Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49729 -> 3.68.171.119:16992
              Source: TrafficSnort IDS: 2815696 ETPRO TROJAN Win32.FrauDrop.akljo Backdoor Beacon 192.168.2.4:49736 -> 3.68.171.119:16992
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49736 -> 3.68.171.119:16992
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49736 -> 3.68.171.119:16992
              Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49736 -> 3.68.171.119:16992
              Source: TrafficSnort IDS: 2815696 ETPRO TROJAN Win32.FrauDrop.akljo Backdoor Beacon 192.168.2.4:49738 -> 52.28.247.255:16992
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49738 -> 52.28.247.255:16992
              Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49738 -> 52.28.247.255:16992
              Source: global trafficTCP traffic: 192.168.2.4:49729 -> 3.68.171.119:16992
              Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.28.247.255:16992
              Source: Joe Sandbox ViewIP Address: 52.28.247.255 52.28.247.255
              Source: Joe Sandbox ViewIP Address: 3.68.171.119 3.68.171.119
              Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
              Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownDNS traffic detected: queries for: 6.tcp.eu.ngrok.io

              E-Banking Fraud

              barindex
              Yara detected Njrat
              Source: Yara matchFile source: M5vARlA2c4.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.M5vARlA2c4.exe.190000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000000.1635018211.0000000000192000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.4095165633.0000000002671000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: M5vARlA2c4.exe PID: 6720, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: M5vARlA2c4.exe PID: 6340, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: M5vARlA2c4.exe PID: 2996, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: Java update.exe PID: 6168, type: MEMORYSTR
              Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPED

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: M5vARlA2c4.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: M5vARlA2c4.exe, type: SAMPLEMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
              Source: M5vARlA2c4.exe, type: SAMPLEMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
              Source: 0.0.M5vARlA2c4.exe.190000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: 0.0.M5vARlA2c4.exe.190000.0.unpack, type: UNPACKEDPEMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
              Source: 0.0.M5vARlA2c4.exe.190000.0.unpack, type: UNPACKEDPEMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
              Source: 00000000.00000000.1635018211.0000000000192000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: 00000000.00000000.1635018211.0000000000192000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPEDMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPEDMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess Stats: CPU usage > 49%
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeCode function: 0_2_00C3A8280_2_00C3A828
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeCode function: 0_2_00C3D6980_2_00C3D698
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeCode function: 0_2_00C3E3E80_2_00C3E3E8
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeCode function: 0_2_00C3A7D70_2_00C3A7D7
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeCode function: 0_2_00C35A630_2_00C35A63
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeCode function: 0_2_04B5AC500_2_04B5AC50
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeCode function: 0_2_04B593400_2_04B59340
              Source: M5vARlA2c4.exe, 00000000.00000002.4093307381.0000000000537000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs M5vARlA2c4.exe
              Source: M5vARlA2c4.exe, 00000000.00000002.4093489159.000000000076E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs M5vARlA2c4.exe
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: avicap32.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: msvfw32.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: winmm.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: winmm.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeSection loaded: wldp.dllJump to behavior
              Source: M5vARlA2c4.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: M5vARlA2c4.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: M5vARlA2c4.exe, type: SAMPLEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: M5vARlA2c4.exe, type: SAMPLEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
              Source: 0.0.M5vARlA2c4.exe.190000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: 0.0.M5vARlA2c4.exe.190000.0.unpack, type: UNPACKEDPEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 0.0.M5vARlA2c4.exe.190000.0.unpack, type: UNPACKEDPEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
              Source: 00000000.00000000.1635018211.0000000000192000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: 00000000.00000000.1635018211.0000000000192000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPEDMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPEDMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
              Source: classification engineClassification label: mal100.phis.troj.adwa.evad.winEXE@5/4@2/2
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeMutant created: NULL
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeMutant created: \Sessions\1\BaseNamedObjects\Windows Update
              Source: M5vARlA2c4.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: M5vARlA2c4.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: M5vARlA2c4.exeReversingLabs: Detection: 84%
              Source: M5vARlA2c4.exeVirustotal: Detection: 84%
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeFile read: C:\Users\user\Desktop\M5vARlA2c4.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\M5vARlA2c4.exe C:\Users\user\Desktop\M5vARlA2c4.exe
              Source: unknownProcess created: C:\Users\user\Desktop\M5vARlA2c4.exe "C:\Users\user\Desktop\M5vARlA2c4.exe" ..
              Source: unknownProcess created: C:\Users\user\Desktop\M5vARlA2c4.exe "C:\Users\user\Desktop\M5vARlA2c4.exe" ..
              Source: unknownProcess created: C:\Users\user\Desktop\M5vARlA2c4.exe "C:\Users\user\Desktop\M5vARlA2c4.exe" ..
              Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe"
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
              Source: M5vARlA2c4.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: M5vARlA2c4.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

              Data Obfuscation

              barindex
              .NET source code contains potential unpacker
              Source: M5vARlA2c4.exe, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
              Source: Java update.exe.0.dr, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeJump to dropped file

              Boot Survival

              barindex
              Drops PE files to the startup folder
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeJump to dropped file
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe\:Zone.Identifier:$DATAJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows UpdateJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows UpdateJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Windows UpdateJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Windows UpdateJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeMemory allocated: C30000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeMemory allocated: 2670000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeMemory allocated: 24A0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeMemory allocated: 6D0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeMemory allocated: 2390000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeMemory allocated: 2220000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeMemory allocated: 12F0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeMemory allocated: 2F00000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeMemory allocated: 2C60000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeMemory allocated: 1540000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeMemory allocated: 3050000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeMemory allocated: 2E90000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeMemory allocated: D10000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeMemory allocated: 27C0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeMemory allocated: 47C0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeWindow / User API: threadDelayed 901Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeWindow / User API: threadDelayed 2956Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeWindow / User API: threadDelayed 5164Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeWindow / User API: foregroundWindowGot 664Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeWindow / User API: foregroundWindowGot 700Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exe TID: 4124Thread sleep count: 901 > 30Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exe TID: 4124Thread sleep time: -90100s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exe TID: 6748Thread sleep count: 2956 > 30Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exe TID: 6748Thread sleep time: -2956000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exe TID: 6748Thread sleep count: 5164 > 30Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exe TID: 6748Thread sleep time: -5164000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exe TID: 5700Thread sleep count: 43 > 30Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exe TID: 6848Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exe TID: 6676Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exe TID: 6648Thread sleep count: 41 > 30Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exe TID: 4956Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exe TID: 1608Thread sleep count: 43 > 30Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exe TID: 4456Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exe TID: 4484Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe TID: 6792Thread sleep count: 44 > 30Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe TID: 2500Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe TID: 3448Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: M5vARlA2c4.exe, 00000000.00000002.4093489159.0000000000809000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeMemory allocated: page read and write | page guardJump to behavior
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/03 | 22:56:29 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 18:58:18 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:41:38 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 04:46:05 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 17:33:34 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:50:52 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 06:49:42 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/30 | 15:11:10 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/14 | 19:33:25 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4095165633.0000000002BC4000.00000004.00000800.00020000.00000000.sdmp, M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 12:50:40 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 00:22:30 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/16 | 23:36:46 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:20:14 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/03 | 23:12:26 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:02:27 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/22 | 14:11:15 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/26 | 23:04:52 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 01:24:02 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 00:06:23 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/03 | 23:52:23 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:22:30 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/10 | 11:59:20 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 19:26:51 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 01:18:23 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 04:51:23 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 19:22:55 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/09 | 00:06:55 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 11:34:30 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/02 | 03:59:03 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/15 | 11:15:52 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/03 | 23:23:15 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 14:02:30 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:56:35 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/21 | 06:29:52 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 15:10:34 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 02:25:11 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:26:33 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/02 | 05:00:44 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/20 | 10:43:43 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/15 | 11:21:15 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 11:59:50 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/04 | 16:16:18 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/26 | 06:59:30 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 14:04:05 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/19 | 19:21:31 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:47:57 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 05:19:38 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 19:17:37 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 19:07:22 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 05:02:02 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/15 | 11:10:26 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:42:24 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 06:00:47 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:05:37 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/17 | 15:55:34 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/21 | 23:05:57 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/06 | 19:43:55 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 14:47:44 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 05:03:32 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/26 | 23:40:53 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/25 | 16:11:36 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/10 | 11:51:28 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 11:07:34 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/30 | 00:29:28 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/16 | 23:35:16 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/21 | 22:57:44 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:27:47 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 19:28:26 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/30 | 15:09:34 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 01:23:48 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 02:32:04 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:59:01 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:19:40 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 14:22:24 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 19:22:38 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/21 | 06:15:21 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 17:39:05 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 02:53:28 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/27 | 20:01:08 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:37:11 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/28 | 10:39:43 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 12:39:41 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 19:07:02 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 01:07:34 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:51:45 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/15 | 11:26:41 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 14:01:00 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/02 | 04:46:59 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/21 | 06:32:10 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/17 | 15:12:32 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 06:48:12 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 20:47:33 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 01:01:42 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 05:16:33 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 11:21:03 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:24:22 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 06:46:15 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/06 | 05:02:09 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 12:18:26 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/28 | 10:48:20 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:24:05 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/12 | 15:56:00 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/03 | 23:34:41 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 14:06:17 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4095165633.0000000002BC4000.00000004.00000800.00020000.00000000.sdmp, M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 13:04:24 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:17:56 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 02:23:27 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 17:36:00 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 05:07:19 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:28:08 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 01:30:50 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/02 | 05:06:15 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 20:45:49 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 01:07:50 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 00:46:59 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/15 | 11:34:16 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/12 | 16:08:48 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:57:05 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 03:08:40 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 15:02:11 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 06:33:14 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:30:33 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/15 | 11:33:34 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 03:08:03 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 06:50:03 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/03 | 23:48:35 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 20:17:32 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 11:25:16 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/26 | 23:32:30 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:05:49 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/19 | 02:54:16 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:44:36 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/14 | 19:54:10 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 11:25:53 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:07:21 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/17 | 15:27:56 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/02 | 04:09:00 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:53:30 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/30 | 15:19:41 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 00:39:18 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:34:08 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 03:28:34 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/10 | 11:50:46 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 20:16:02 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/28 | 21:13:21 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/03 | 23:35:34 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/17 | 15:42:33 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:29:59 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/10 | 12:05:21 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 14:31:29 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/29 | 09:09:40 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 12:07:15 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 11:40:30 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/03 | 23:11:44 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 01:27:07 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/28 | 20:17:27 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 00:29:31 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/15 | 11:13:40 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 12:09:38 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/13 | 07:31:43 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:48:12 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 05:57:23 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 12:27:03 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:15:07 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/10 | 11:43:53 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 05:51:04 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 20:15:59 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/14 | 19:51:44 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/29 | 23:32:04 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 19:38:53 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 00:59:21 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 05:15:03 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/09 | 00:25:19 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:07:49 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/17 | 15:38:45 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 17:55:12 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:14:14 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:04:11 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:26:45 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/19 | 19:38:19 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/28 | 10:48:48 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/02 | 05:05:22 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/14 | 20:02:56 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 04:38:30 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 00:33:47 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 01:29:56 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 19:12:03 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 07:14:59 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:45:46 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:27:52 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/03 | 23:39:30 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:22:49 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/19 | 19:36:55 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/10 | 12:15:08 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 17:51:16 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:12:03 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/17 | 15:14:44 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 11:08:16 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/28 | 18:51:21 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/30 | 00:08:52 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/19 | 19:16:50 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 12:15:10 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/12 | 15:55:57 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:00:48 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/10 | 12:00:32 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/09 | 00:28:33 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/30 | 14:40:00 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 06:50:51 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4095165633.0000000002BC4000.00000004.00000800.00020000.00000000.sdmp, M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 12:33:03 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/29 | 23:51:53 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 19:47:27 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/14 | 19:53:56 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/09 | 00:36:08 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 18:39:54 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 04:42:46 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/20 | 10:42:50 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/15 | 11:23:27 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/30 | 00:17:09 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:51:45 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/02 | 04:06:34 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/21 | 06:25:08 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 02:36:00 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:47:09 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4095165633.0000000002BC4000.00000004.00000800.00020000.00000000.sdmp, M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 12:58:23 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 03:17:45 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/15 | 11:05:45 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4095165633.0000000002BC4000.00000004.00000800.00020000.00000000.sdmp, M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 13:15:50 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 00:54:06 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/06 | 19:44:48 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 20:21:31 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/27 | 19:59:57 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 06:31:02 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/12 | 16:10:13 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:16:38 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 19:42:10 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4095165633.0000000002BC4000.00000004.00000800.00020000.00000000.sdmp, M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 13:00:28 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/19 | 19:42:07 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/13 | 07:43:14 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4095165633.0000000002BC4000.00000004.00000800.00020000.00000000.sdmp, M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 12:36:08 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:49:25 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/29 | 23:57:24 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 11:57:29 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/25 | 15:46:23 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/21 | 22:59:19 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 14:00:57 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 19:44:05 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 02:25:39 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 11:09:57 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/29 | 09:13:56 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/02 | 04:10:22 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/19 | 19:34:32 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 18:36:01 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:36:57 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 19:00:21 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/30 | 00:20:15 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 05:12:37 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:02:32 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/02 | 04:11:04 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 18:46:47 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/26 | 07:10:01 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 19:09:14 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/12 | 15:56:39 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 07:06:36 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 14:24:36 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 00:11:04 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:52:00 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:50:15 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/21 | 06:26:10 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 05:20:32 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 01:17:37 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:09:33 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/03 | 23:10:03 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/19 | 19:29:25 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 02:58:43 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 19:35:08 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:50:26 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:00:20 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/17 | 15:35:03 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/19 | 19:35:14 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 00:21:28 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 17:45:16 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/29 | 08:27:41 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:27:04 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/25 | 15:42:27 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/17 | 15:26:15 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/21 | 23:01:33 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 03:28:45 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:46:48 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 01:32:14 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 02:23:38 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/27 | 20:04:11 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 07:03:05 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:20:14 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/26 | 07:10:29 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/21 | 23:02:04 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 20:50:19 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 03:14:40 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:49:30 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/04 | 16:09:36 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 18:34:00 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 19:19:10 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/30 | 14:32:42 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 00:32:17 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 14:39:32 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 11:04:40 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 19:24:02 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:54:32 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 03:30:38 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 20:02:58 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/08 | 08:22:05 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/30 | 14:28:54 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:20:37 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 17:38:23 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/15 | 11:34:53 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:12:02 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/26 | 06:58:28 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 11:24:56 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:51:46 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 20:28:49 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/09 | 00:36:45 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/04 | 16:12:59 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 20:33:50 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 19:49:42 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 15:13:11 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4095165633.0000000002BC4000.00000004.00000800.00020000.00000000.sdmp, M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 12:57:04 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 12:20:50 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:20:57 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/19 | 19:31:01 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/29 | 23:30:57 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4095165633.0000000002BC4000.00000004.00000800.00020000.00000000.sdmp, M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 12:42:45 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 13:52:33 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:12:19 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/08 | 08:24:39 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/28 | 10:37:59 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/02 | 04:13:53 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 03:37:39 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 19:48:01 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:39:34 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/15 | 11:21:04 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4095165633.0000000002BC4000.00000004.00000800.00020000.00000000.sdmp, M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 13:26:02 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/03 | 23:23:04 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 03:01:50 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 00:14:35 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 01:08:32 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:12:23 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:06:51 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/12 | 16:11:43 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/21 | 23:04:38 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4095165633.0000000002BC4000.00000004.00000800.00020000.00000000.sdmp, M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 13:09:13 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/29 | 23:40:27 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 07:18:07 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 02:29:35 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/26 | 23:14:39 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:40:08 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:29:27 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/19 | 19:18:36 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:37:43 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/29 | 23:55:12 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/26 | 23:30:46 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:33:26 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/26 | 23:15:04 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 03:38:30 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/02 | 04:20:46 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 19:08:15 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/26 | 23:40:42 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/26 | 07:03:36 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/13 | 07:36:32 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 17:51:05 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/28 | 07:54:21 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:21:18 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/02 | 04:03:57 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 06:29:26 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 03:01:13 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 18:58:55 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/21 | 06:31:08 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:30:32 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 06:03:50 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 20:46:51 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:03:09 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4095165633.00000000026C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager@\kqe
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/22 | 14:11:52 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/17 | 15:50:45 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 00:23:12 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 01:22:39 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/17 | 15:23:10 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:28:46 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/09 | 00:16:51 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 01:23:04 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/03 | 22:58:02 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:01:45 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/29 | 23:58:54 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/25 | 16:00:36 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:27:58 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 07:11:54 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/30 | 15:12:03 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 20:03:29 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/09 | 00:30:48 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/08 | 08:25:30 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/13 | 07:38:33 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/17 | 15:28:27 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/19 | 19:42:18 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/16 | 23:34:34 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 03:03:14 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/14 | 19:50:14 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 00:38:47 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 05:29:34 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/28 | 10:51:17 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/14 | 19:40:29 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 00:44:36 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 19:36:21 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/28 | 11:54:04 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/29 | 23:21:52 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 10:36:50 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 00:15:00 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/02 | 04:18:42 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/26 | 23:17:16 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 14:51:32 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/28 | 22:52:08 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 19:49:05 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 19:21:45 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/25 | 16:04:54 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/03 | 23:12:15 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/02 | 04:41:05 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 06:37:38 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/12 | 15:49:57 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:38:30 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 14:23:17 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 07:12:58 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 06:48:01 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/12 | 16:05:54 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/30 | 14:52:58 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:18:10 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/26 | 23:27:01 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 06:04:54 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:44:26 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/03 | 22:59:43 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 17:36:39 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:10:18 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:29:39 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:53:58 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/19 | 02:56:39 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/10 | 12:24:22 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/30 | 14:30:58 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/29 | 04:24:44 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/29 | 23:48:36 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/06 | 04:57:21 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 06:40:55 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 11:24:23 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/02 | 03:58:49 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/10 | 12:09:45 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/26 | 07:10:12 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/27 | 19:54:03 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/29 | 23:59:25 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/08 | 08:26:23 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 06:53:08 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 06:17:44 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/03 | 23:54:09 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:51:08 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/16 | 00:10:11 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/14 | 20:04:03 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/09 | 00:02:20 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 03:02:21 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 05:09:40 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/14 | 19:58:56 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/25 | 15:43:40 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/25 | 15:58:42 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/21 | 22:58:26 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/15 | 11:19:28 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/02 | 04:30:16 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 08:42:14 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/22 | 14:08:57 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:01:24 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 18:47:18 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/17 | 15:32:15 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/23 | 11:02:08 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/13 | 19:29:39 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/05/02 | 04:21:39 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/12 | 16:08:59 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 06:01:01 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/21 | 06:25:19 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/25 | 15:52:45 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:14:37 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/20 | 10:34:18 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/04 | 16:06:31 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/03 | 23:59:50 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/14 | 19:49:51 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/04 | 00:13:21 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/02 | 12:47:27 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/04/14 | 20:08:16 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4095165633.0000000002BC4000.00000004.00000800.00020000.00000000.sdmp, M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 12:38:09 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 12:17:55 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/08 | 23:51:09 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:23:56 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4095165633.0000000002BC4000.00000004.00000800.00020000.00000000.sdmp, M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/11 | 12:40:33 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/24 | 03:04:18 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 05:56:30 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/03/30 | 15:05:38 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:32:33 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/18 | 05:47:53 - Program Manager
              Source: M5vARlA2c4.exe, 00000000.00000002.4097352961.0000000003671000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/02/24 | 18:07:38 - Program Manager
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Users\user\Desktop\M5vARlA2c4.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Users\user\Desktop\M5vARlA2c4.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Users\user\Desktop\M5vARlA2c4.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Users\user\Desktop\M5vARlA2c4.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Lowering of HIPS / PFW / Operating System Security Settings

              barindex
              Disables zone checking for all users
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeRegistry value created: HKEY_CURRENT_USER\Environment SEE_MASK_NOZONECHECKSJump to behavior
              Source: M5vARlA2c4.exe, 00000000.00000002.4100814190.0000000005BD0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s Defender\MsMpeng.exe
              Source: M5vARlA2c4.exe, 00000000.00000002.4093489159.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, M5vARlA2c4.exe, 00000000.00000002.4100814190.0000000005BD0000.00000004.00000020.00020000.00000000.sdmp, M5vARlA2c4.exe, 00000000.00000002.4100814190.0000000005BF0000.00000004.00000020.00020000.00000000.sdmp, M5vARlA2c4.exe, 00000000.00000002.4093489159.0000000000809000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: M5vARlA2c4.exe, 00000000.00000002.4100814190.0000000005BF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Defender\MsMpeng.exe
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
              Source: C:\Users\user\Desktop\M5vARlA2c4.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

              Stealing of Sensitive Information

              barindex
              Yara detected Njrat
              Source: Yara matchFile source: M5vARlA2c4.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.M5vARlA2c4.exe.190000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000000.1635018211.0000000000192000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.4095165633.0000000002671000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: M5vARlA2c4.exe PID: 6720, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: M5vARlA2c4.exe PID: 6340, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: M5vARlA2c4.exe PID: 2996, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: Java update.exe PID: 6168, type: MEMORYSTR
              Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPED

              Remote Access Functionality

              barindex
              Yara detected Njrat
              Source: Yara matchFile source: M5vARlA2c4.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.M5vARlA2c4.exe.190000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000000.1635018211.0000000000192000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.4095165633.0000000002671000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: M5vARlA2c4.exe PID: 6720, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: M5vARlA2c4.exe PID: 6340, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: M5vARlA2c4.exe PID: 2996, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: Java update.exe PID: 6168, type: MEMORYSTR
              Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, type: DROPPED

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
              Windows Management Instrumentation              		121
              Registry Run Keys / Startup Folder              		2
              Process Injection              		1
              Masquerading              		OS Credential Dumping121
              Security Software Discovery              		Remote Services1
              Archive Collected Data              		1
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/Job1
              DLL Side-Loading              		121
              Registry Run Keys / Startup Folder              		11
              Disable or Modify Tools              		LSASS Memory1
              Process Discovery              		Remote Desktop ProtocolData from Removable Media1
              Non-Standard Port              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
              DLL Side-Loading              		31
              Virtualization/Sandbox Evasion              		Security Account Manager31
              Virtualization/Sandbox Evasion              		SMB/Windows Admin SharesData from Network Shared Drive1
              Non-Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
              Process Injection              		NTDS1
              Application Window Discovery              		Distributed Component Object ModelInput Capture1
              Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              Software Packing              		LSA Secrets12
              System Information Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              DLL Side-Loading              		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              M5vARlA2c4.exe84%ReversingLabsByteCode-MSIL.Backdoor.Bladabhindi
              M5vARlA2c4.exe85%VirustotalBrowse
              M5vARlA2c4.exe100%AviraTR/Dropper.Gen7
              M5vARlA2c4.exe100%Joe Sandbox ML

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe100%AviraTR/Dropper.Gen7
              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe100%Joe Sandbox ML
              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe84%ReversingLabsByteCode-MSIL.Backdoor.Bladabhindi
              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe85%VirustotalBrowse

              Unpacked PE Files

              No Antivirus matches

              Domains

              SourceDetectionScannerLabelLink
              6.tcp.eu.ngrok.io12%VirustotalBrowse

              URLs

              No Antivirus matches

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              6.tcp.eu.ngrok.io
              		3.68.171.119
              		truetrueunknown

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              52.28.247.255
              		unknownUnited States
              		16509AMAZON-02UStrue
              3.68.171.119
              		6.tcp.eu.ngrok.ioUnited States
              		16509AMAZON-02UStrue

              General Information

              Joe Sandbox version:40.0.0 Tourmaline
              Analysis ID:1390286
              Start date and time:2024-02-11 06:46:04 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 8m 9s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:9
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:M5vARlA2c4.exe
              renamed because original name is a hash value
              Original Sample Name:022acabaf8af0e28844b01f4929ee95c.exe
              Detection:MAL
              Classification:mal100.phis.troj.adwa.evad.winEXE@5/4@2/2
              EGA Information:
              • Successful, ratio: 20%
              HCA Information:
              • Successful, ratio: 95%
              • Number of executed functions: 127
              • Number of non-executed functions: 4
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Override analysis time to 240s for sample files taking high CPU consumption

              Warnings

              • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
              • Execution Graph export aborted for target Java update.exe, PID 6168 because it is empty
              • Execution Graph export aborted for target M5vARlA2c4.exe, PID 2996 because it is empty
              • Execution Graph export aborted for target M5vARlA2c4.exe, PID 6340 because it is empty
              • Execution Graph export aborted for target M5vARlA2c4.exe, PID 6460 because it is empty
              • Not all processes where analyzed, report is missing behavior information
              • Report size exceeded maximum capacity and may have missing behavior information.
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.

              Simulations

              Behavior and APIs

              TimeTypeDescription
              05:46:58AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Windows Update "C:\Users\user\Desktop\M5vARlA2c4.exe" ..
              05:47:09AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Windows Update "C:\Users\user\Desktop\M5vARlA2c4.exe" ..
              05:47:17AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Windows Update "C:\Users\user\Desktop\M5vARlA2c4.exe" ..
              05:47:26AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe
              06:47:01API Interceptor473922x Sleep call for process: M5vARlA2c4.exe modified

              Joe Sandbox View / Context

              IPs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              52.28.247.2551.exeGet hashmaliciousNjratBrowse
                rkIcS0Y2WY.exeGet hashmaliciousNjratBrowse
                  N1aqZIb7KG.exeGet hashmaliciousNjratBrowse
                    QsKtlzYaKF.exeGet hashmaliciousNjratBrowse
                      dKe1GfZOs1.exeGet hashmaliciousNjratBrowse
                        X5eo58PPCB.exeGet hashmaliciousNjratBrowse
                          ZuXcnAYgVp.exeGet hashmaliciousNjratBrowse
                            wiUnP1h5Ex.exeGet hashmaliciousNjratBrowse
                              BqFosj9Wcb.exeGet hashmaliciousNjratBrowse
                                d09l64ZAW6.exeGet hashmaliciousNjratBrowse
                                  3.68.171.119YTYyFVemXR.exeGet hashmaliciousNjratBrowse
                                    zyx3qItgQK.exeGet hashmaliciousNjratBrowse
                                      NfJ0jC2dPr.exeGet hashmaliciousNjratBrowse
                                        226dVJ2zRZ.exeGet hashmaliciousNjratBrowse
                                          N1aqZIb7KG.exeGet hashmaliciousNjratBrowse
                                            m5l9v13hIi.exeGet hashmaliciousNjratBrowse
                                              sCXwkZrcZ3.exeGet hashmaliciousNjratBrowse
                                                X5eo58PPCB.exeGet hashmaliciousNjratBrowse
                                                  wiUnP1h5Ex.exeGet hashmaliciousNjratBrowse
                                                    d09l64ZAW6.exeGet hashmaliciousNjratBrowse

                                                      Domains

                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      6.tcp.eu.ngrok.ioYTYyFVemXR.exeGet hashmaliciousNjratBrowse
                                                      • 3.68.171.119
                                                      zyx3qItgQK.exeGet hashmaliciousNjratBrowse
                                                      • 3.69.115.178
                                                      NfJ0jC2dPr.exeGet hashmaliciousNjratBrowse
                                                      • 3.69.157.220
                                                      ziTLBa3N50.exeGet hashmaliciousNjratBrowse
                                                      • 3.69.157.220
                                                      1.exeGet hashmaliciousNjratBrowse
                                                      • 3.66.38.117
                                                      226dVJ2zRZ.exeGet hashmaliciousNjratBrowse
                                                      • 3.69.157.220
                                                      IsJb5hB84q.exeGet hashmaliciousNjratBrowse
                                                      • 3.66.38.117
                                                      Terraria.exeGet hashmaliciousNjratBrowse
                                                      • 3.66.38.117
                                                      myidJB8lDL.exeGet hashmaliciousNjratBrowse
                                                      • 3.69.115.178
                                                      rkIcS0Y2WY.exeGet hashmaliciousNjratBrowse
                                                      • 3.69.115.178

                                                      ASNs

                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      AMAZON-02USla.bot.arm7.elfGet hashmaliciousMiraiBrowse
                                                      • 108.142.224.137
                                                      la.bot.arm.elfGet hashmaliciousMiraiBrowse
                                                      • 52.60.177.86
                                                      UKYj4rfNwY.elfGet hashmaliciousMiraiBrowse
                                                      • 44.243.245.77
                                                      x5YJAcb2Nh.elfGet hashmaliciousMiraiBrowse
                                                      • 18.142.151.220
                                                      d4dtHo2bNn.elfGet hashmaliciousMiraiBrowse
                                                      • 13.120.66.131
                                                      sora.arm7.elfGet hashmaliciousMiraiBrowse
                                                      • 13.218.158.41
                                                      sora.arm.elfGet hashmaliciousMiraiBrowse
                                                      • 18.245.17.48
                                                      OXnFrFdLpC.elfGet hashmaliciousUnknownBrowse
                                                      • 52.10.195.53
                                                      fmoxN12Pdb.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                      • 3.163.101.10
                                                      xY3F1ZEqHz.elfGet hashmaliciousUnknownBrowse
                                                      • 18.179.63.162
                                                      AMAZON-02USla.bot.arm7.elfGet hashmaliciousMiraiBrowse
                                                      • 108.142.224.137
                                                      la.bot.arm.elfGet hashmaliciousMiraiBrowse
                                                      • 52.60.177.86
                                                      UKYj4rfNwY.elfGet hashmaliciousMiraiBrowse
                                                      • 44.243.245.77
                                                      x5YJAcb2Nh.elfGet hashmaliciousMiraiBrowse
                                                      • 18.142.151.220
                                                      d4dtHo2bNn.elfGet hashmaliciousMiraiBrowse
                                                      • 13.120.66.131
                                                      sora.arm7.elfGet hashmaliciousMiraiBrowse
                                                      • 13.218.158.41
                                                      sora.arm.elfGet hashmaliciousMiraiBrowse
                                                      • 18.245.17.48
                                                      OXnFrFdLpC.elfGet hashmaliciousUnknownBrowse
                                                      • 52.10.195.53
                                                      fmoxN12Pdb.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                      • 3.163.101.10
                                                      xY3F1ZEqHz.elfGet hashmaliciousUnknownBrowse
                                                      • 18.179.63.162

                                                      JA3 Fingerprints

                                                      No context

                                                      Dropped Files

                                                      No context

                                                      Created / dropped Files

                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Java update.exe.log

                                                      Download File
                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):507
                                                      Entropy (8bit):5.344008188221104
                                                      Encrypted:false
                                                      SSDEEP:12:Q3La/hz92n4M0kvoDLI4MWuCqDLI4MWuPTAq1KDLI4M6:MLU84jE4K5E4KH1qE4j
                                                      MD5:285ADD706E818D58486213C030BD9ED5
                                                      SHA1:3593842190DB067FC23F4E3E7A8FC69263800A47
                                                      SHA-256:20B63D70AA9351A7ECC1E8B4A8099BC7D6A4500BA11DE6BCFB028D09475A6D7E
                                                      SHA-512:935832497DF8AD8A4676947C0BCEC89C312753E604B3C2AAAAA42CDF2DFEDD5151385B44589C8E304ABA26D9578DFF1FE841EDE6EB5E784208984584FB8B2201
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\M5vARlA2c4.exe.log

                                                      Download File
                                                      Process:C:\Users\user\Desktop\M5vARlA2c4.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):507
                                                      Entropy (8bit):5.344008188221104
                                                      Encrypted:false
                                                      SSDEEP:12:Q3La/hz92n4M0kvoDLI4MWuCqDLI4MWuPTAq1KDLI4M6:MLU84jE4K5E4KH1qE4j
                                                      MD5:285ADD706E818D58486213C030BD9ED5
                                                      SHA1:3593842190DB067FC23F4E3E7A8FC69263800A47
                                                      SHA-256:20B63D70AA9351A7ECC1E8B4A8099BC7D6A4500BA11DE6BCFB028D09475A6D7E
                                                      SHA-512:935832497DF8AD8A4676947C0BCEC89C312753E604B3C2AAAAA42CDF2DFEDD5151385B44589C8E304ABA26D9578DFF1FE841EDE6EB5E784208984584FB8B2201
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe

                                                      Download File
                                                      Process:C:\Users\user\Desktop\M5vARlA2c4.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):44032
                                                      Entropy (8bit):5.606415957522971
                                                      Encrypted:false
                                                      SSDEEP:384:YZyq6NUst+3gUy6tZFIEEEoHjtJEzQIij+ZsNO3PlpJKkkjh/TzF7pWnI/greT0k:uqwQh6PFtkjGuXQ/oJ3+L
                                                      MD5:022ACABAF8AF0E28844B01F4929EE95C
                                                      SHA1:B0096D8C5D45CB7E9E0B3DF0B5BE5C92669530DC
                                                      SHA-256:E76EA7B90A900ED00F982CEEFF3E6B1F08956F08F8E00DAF59C140F51D0DEB2C
                                                      SHA-512:0F474F4F144FF33E6F46AA0C3EE8E29595429CE270C5921E46D537EBF20E06D80DF5BD5B0D08DF756740224D05B77822B50C4FB377744332E07FD5F2AF658B26
                                                      Malicious:true
                                                      Yara Hits:
                                                      • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, Author: Joe Security
                                                      • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, Author: unknown
                                                      • Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, Author: Florian Roth
                                                      • Rule: Njrat, Description: detect njRAT in memory, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, Author: JPCERT/CC Incident Response Group
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 84%
                                                      • Antivirus: Virustotal, Detection: 85%, Browse
                                                      Reputation:low
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....V.e................................. ........@.. ....................... ............@.................................8...S.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................p.......H.......@y...I......T....x................................................(....*..(....*.s.........s.........s.........s.........s.........*.0..........~....o....*..0..........~....o....*..0..........~....o....*..0..........~....o....*..0..........~....o....*..0................,.........o....9....~....,,~.........(....o...., r...p......(....s....zs.........~.........(.....o....(...+..lu....%-.&.+.%.(.....o...............&r;..p..........o....o......(.......o....s....z~........

                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe:Zone.Identifier

                                                      Download File
                                                      Process:C:\Users\user\Desktop\M5vARlA2c4.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):26
                                                      Entropy (8bit):3.95006375643621
                                                      Encrypted:false
                                                      SSDEEP:3:ggPYV:rPYV
                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                      Malicious:false
                                                      Reputation:high, very likely benign file
                                                      Preview:[ZoneTransfer]....ZoneId=0

                                                      Static File Info

                                                      General

                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Entropy (8bit):5.606415957522971
                                                      TrID:
                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                      • Windows Screen Saver (13104/52) 0.07%
                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                      File name:M5vARlA2c4.exe
                                                      File size:44'032 bytes
                                                      MD5:022acabaf8af0e28844b01f4929ee95c
                                                      SHA1:b0096d8c5d45cb7e9e0b3df0b5be5c92669530dc
                                                      SHA256:e76ea7b90a900ed00f982ceeff3e6b1f08956f08f8e00daf59c140f51d0deb2c
                                                      SHA512:0f474f4f144ff33e6f46aa0c3ee8e29595429ce270c5921e46d537ebf20e06d80df5bd5b0d08df756740224d05b77822b50c4fb377744332e07fd5f2af658b26
                                                      SSDEEP:384:YZyq6NUst+3gUy6tZFIEEEoHjtJEzQIij+ZsNO3PlpJKkkjh/TzF7pWnI/greT0k:uqwQh6PFtkjGuXQ/oJ3+L
                                                      TLSH:1413E78CB694E174D5FF8BF1B4A2B2890B71A017A806930FD9F154D94BB3EC09611EE7
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....V.e................................. ........@.. ....................... ............@................................

                                                      File Icon

                                                      Icon Hash:90cececece8e8eb0

                                                      Static PE Info

                                                      General

                                                      Entrypoint:0x40c38e
                                                      Entrypoint Section:.text
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                      Time Stamp:0x65C356D6 [Wed Feb 7 10:09:26 2024 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                      Entrypoint Preview

                                                      Instruction
                                                      jmp dword ptr [00402000h]
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al

                                                      Data Directories

                                                      NameVirtual AddressVirtual Size Is in Section
                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0xc3380x53.text
                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0xe0000x400.rsrc
                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x100000xc.reloc
                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                      Sections

                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                      .text0x20000xa3940xa400b0c2d211bc417e0554ea5a36451ad356False0.4204458841463415data5.699451100649261IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                      .rsrc0xe0000x4000x400e6bddab8cfc5a0b85c6b2404ef045c60False0.3017578125data3.5160679793070893IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .reloc0x100000xc0x2007944e824d98cd140be139d8516798e9aFalse0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                      Resources

                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                      RT_MANIFEST0xe0580x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5469387755102041

                                                      Imports

                                                      DLLImport
                                                      mscoree.dll_CorExeMain

                                                      Network Behavior

                                                      Snort IDS Alerts

                                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                      192.168.2.43.68.171.11949736169922815696 02/11/24-06:47:39.675578TCP2815696ETPRO TROJAN Win32.FrauDrop.akljo Backdoor Beacon4973616992192.168.2.43.68.171.119
                                                      192.168.2.43.68.171.11949736169922825563 02/11/24-06:47:39.874632TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4973616992192.168.2.43.68.171.119
                                                      192.168.2.43.68.171.11949729169922033132 02/11/24-06:47:01.754129TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4972916992192.168.2.43.68.171.119
                                                      192.168.2.43.68.171.11949736169922033132 02/11/24-06:47:39.675578TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973616992192.168.2.43.68.171.119
                                                      192.168.2.43.68.171.11949729169922825564 02/11/24-06:47:33.737666TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4972916992192.168.2.43.68.171.119
                                                      192.168.2.43.68.171.11949736169922825564 02/11/24-06:50:02.578895TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4973616992192.168.2.43.68.171.119
                                                      192.168.2.43.68.171.11949729169922815696 02/11/24-06:47:01.754129TCP2815696ETPRO TROJAN Win32.FrauDrop.akljo Backdoor Beacon4972916992192.168.2.43.68.171.119
                                                      192.168.2.452.28.247.25549738169922033132 02/11/24-06:50:07.531136TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973816992192.168.2.452.28.247.255
                                                      192.168.2.43.68.171.11949729169922825563 02/11/24-06:47:01.954776TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4972916992192.168.2.43.68.171.119
                                                      192.168.2.452.28.247.25549738169922815696 02/11/24-06:50:07.531136TCP2815696ETPRO TROJAN Win32.FrauDrop.akljo Backdoor Beacon4973816992192.168.2.452.28.247.255
                                                      192.168.2.452.28.247.25549738169922825564 02/11/24-06:50:56.577061TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4973816992192.168.2.452.28.247.255

                                                      Network Port Distribution

                                                      TCP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Feb 11, 2024 06:47:01.356220007 CET4972916992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:47:01.556572914 CET16992497293.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:47:01.556829929 CET4972916992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:47:01.754128933 CET4972916992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:47:01.954521894 CET16992497293.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:47:01.954776049 CET4972916992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:47:02.154934883 CET16992497293.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:47:07.440104961 CET4972916992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:47:07.640312910 CET16992497293.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:47:22.876965046 CET16992497293.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:47:22.877058983 CET4972916992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:47:24.830270052 CET4972916992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:47:25.030524969 CET16992497293.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:47:33.737665892 CET4972916992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:47:33.938121080 CET16992497293.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:47:36.865010023 CET16992497293.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:47:36.865117073 CET4972916992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:47:38.876733065 CET4972916992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:47:38.878070116 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:47:39.076917887 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:47:39.076980114 CET16992497293.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:47:39.077002048 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:47:39.675578117 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:47:39.874562025 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:47:39.874631882 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:47:40.073396921 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:47:40.876786947 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:47:41.075956106 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:47:56.089287996 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:47:56.089716911 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:03.845710993 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:04.044666052 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:04.580116034 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:04.779310942 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:07.017410994 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:07.216896057 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:07.217206955 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:07.416955948 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:08.224066019 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:08.423544884 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:08.423618078 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:08.622868061 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:08.672813892 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:08.871957064 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:08.872025967 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:09.071255922 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:09.071568012 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:09.270837069 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:09.270925045 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:09.470030069 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:09.470140934 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:09.669445038 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:09.669615984 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:09.868956089 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:09.869406939 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:10.068929911 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:10.069021940 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:10.268382072 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:10.268739939 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:10.469238997 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:10.469475985 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:10.668673038 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:10.668817043 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:10.868069887 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:10.868163109 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:11.067199945 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:11.067423105 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:11.266478062 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:11.266601086 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:11.465687037 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:11.465760946 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:11.664706945 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:11.664870024 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:11.863881111 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:11.864033937 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:12.062982082 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:12.063262939 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:12.262572050 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:12.262852907 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:12.462001085 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:12.462120056 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:12.661015034 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:12.661108971 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:12.860049963 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:12.860172033 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:13.059519053 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:13.059626102 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:13.258708000 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:13.258773088 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:13.457653999 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:13.457921028 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:13.656769037 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:13.656863928 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:13.855635881 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:13.855709076 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:14.054691076 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:14.054795027 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:14.253699064 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:14.253822088 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:14.452883005 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:14.452960014 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:14.651926994 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:14.652030945 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:14.851124048 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:14.851202011 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:15.050312996 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:15.050383091 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:15.249404907 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:15.249536991 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:15.448400974 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:15.448486090 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:15.647387028 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:15.647480011 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:15.846364975 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:15.846452951 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:16.045655012 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:16.045773029 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:16.244795084 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:16.244868994 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:16.443767071 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:16.443924904 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:16.642782927 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:16.643138885 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:16.842154980 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:16.842236996 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:17.041162968 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:17.041250944 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:17.240081072 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:17.240164995 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:17.438873053 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:19.587196112 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:19.786097050 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:19.786170959 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:19.985219955 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:19.985332966 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:20.184092999 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:20.184159994 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:20.383043051 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:20.383244991 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:20.582026958 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:20.582099915 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:20.780944109 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:20.781025887 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:20.979873896 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:20.979924917 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:21.178586960 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:21.178653002 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:21.377388954 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:21.377464056 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:21.576349020 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:21.576420069 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:21.775223017 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:21.775516987 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:21.974266052 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:21.976038933 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:22.174865961 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:22.177753925 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:22.376810074 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:22.380148888 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:22.578942060 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:22.579032898 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:22.778090954 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:22.778170109 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:23.079514027 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:23.278310061 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:23.278605938 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:23.477520943 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:23.477634907 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:23.676992893 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:23.677062035 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:23.875679970 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:23.875869989 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:24.074598074 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:24.074826956 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:24.273586988 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:24.273663044 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:24.472405910 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:24.472588062 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:24.671295881 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:24.671376944 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:24.870157957 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:24.870320082 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:25.069278955 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:25.069464922 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:25.268265963 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:25.268471003 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:25.467190027 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:25.467262030 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:25.668708086 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:25.668888092 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:25.868096113 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:25.868299007 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:26.067331076 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:26.067506075 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:26.266288042 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:26.266480923 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:26.465169907 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:26.465265036 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:26.664000034 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:26.664064884 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:26.863010883 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:26.863125086 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:27.062782049 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:27.062899113 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:27.261770964 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:27.261853933 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:27.460563898 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:27.460645914 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:27.659533978 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:27.659682035 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:27.858603954 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:27.858668089 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:28.057657003 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:28.057806969 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:28.256746054 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:28.256855011 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:28.455725908 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:28.455912113 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:28.654740095 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:28.654966116 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:28.853988886 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:28.854167938 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:29.053137064 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:29.053282976 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:29.252346039 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:29.252661943 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:29.451679945 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:29.451994896 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:29.651223898 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:29.651432037 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:29.850369930 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:29.850565910 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:30.049297094 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:30.049376965 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:30.248255014 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:30.248318911 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:30.447174072 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:30.447474003 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:30.646251917 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:30.646333933 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:30.845216990 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:30.845415115 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:31.044522047 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:31.044909000 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:31.245650053 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:31.245728016 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:31.446908951 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:31.446974039 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:31.646070957 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:31.646284103 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:31.845271111 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:31.845510960 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:32.044346094 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:32.044477940 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:32.243735075 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:32.243815899 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:32.442739964 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:32.442981958 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:32.642093897 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:32.642168045 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:32.841192961 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:32.841444969 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:33.040764093 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:33.040988922 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:33.239970922 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:33.240045071 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:33.439326048 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:33.439444065 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:33.638870001 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:33.639101982 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:33.838193893 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:33.838264942 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:34.037266970 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:34.037482023 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:34.236354113 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:34.236478090 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:34.435430050 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:34.435496092 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:34.634509087 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:34.634613991 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:34.833657980 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:34.833844900 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:35.032747030 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:35.467092037 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:35.666299105 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:36.651052952 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:36.850334883 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:36.850522041 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:37.049550056 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:37.049771070 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:37.248785973 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:37.248977900 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:37.447952032 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:37.448132038 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:37.647258043 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:37.647427082 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:37.846666098 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:37.846859932 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:38.046011925 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:38.046080112 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:38.245012999 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:38.245089054 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:38.443913937 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:38.444009066 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:38.642878056 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:38.643126965 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:38.842354059 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:38.842580080 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:39.041929960 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:39.042191029 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:39.241379023 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:39.241504908 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:39.440779924 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:39.440967083 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:39.640017986 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:39.640182018 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:39.839425087 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:39.839512110 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:40.038573980 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:40.038666964 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:40.237663984 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:40.237818956 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:40.436903954 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:40.437004089 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:40.636192083 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:40.636413097 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:40.835344076 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:40.835572004 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:41.034497976 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:41.034740925 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:41.233925104 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:41.234052896 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:41.434009075 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:41.434139967 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:41.633096933 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:41.633199930 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:41.832273006 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:41.832380056 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:42.031234026 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:42.031347990 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:42.230247974 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:42.230344057 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:42.429301023 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:42.429416895 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:42.628312111 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:42.628407001 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:42.827327013 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:42.827419043 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:43.026294947 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:43.026387930 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:43.225424051 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:43.225577116 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:43.424478054 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:43.424631119 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:43.623630047 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:43.624217033 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:43.823105097 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:43.823339939 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:44.022306919 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:44.022988081 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:44.221806049 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:44.221905947 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:44.420815945 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:44.420886040 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:44.620044947 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:44.620146036 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:44.819205999 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:44.819586992 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:45.018446922 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:45.018521070 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:45.217375994 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:45.217477083 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:45.416264057 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:45.416353941 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:45.615314007 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:45.615420103 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:45.814189911 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:45.814284086 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:46.013326883 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:46.013411045 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:46.212321997 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:46.212423086 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:46.411473036 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:46.411569118 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:46.610542059 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:46.610658884 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:46.809506893 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:46.809650898 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:47.008390903 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:47.008491993 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:47.207406998 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:47.207513094 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:47.406320095 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:47.406620026 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:47.605514050 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:47.605601072 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:47.804419994 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:47.804557085 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:48.003309011 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:48.003509045 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:48.202558041 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:48.202661991 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:48.401544094 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:48.401702881 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:48.600532055 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:48.600616932 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:48.799431086 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:48.801464081 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:49.000286102 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:49.000437975 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:49.199423075 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:49.199599028 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:49.398504972 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:49.398616076 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:49.597451925 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:49.597616911 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:49.796406984 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:49.796519041 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:49.995369911 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:49.995533943 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:50.194331884 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:50.194705963 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:50.393419981 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:50.394078970 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:50.592967987 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:50.593893051 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:50.792665958 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:50.793174982 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:50.992007017 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:50.992178917 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:51.191080093 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:51.191164970 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:51.391694069 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:51.391784906 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:51.590689898 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:51.591029882 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:51.789866924 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:51.789963961 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:51.989012957 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:51.989094973 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:52.188235044 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:52.328387976 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:52.527391911 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:53.669172049 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:53.867948055 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:53.868056059 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:54.066885948 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:54.066983938 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:54.265986919 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:54.266196966 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:54.465086937 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:54.465192080 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:54.663960934 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:54.664026022 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:54.862869978 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:54.863209963 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:55.062057018 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:55.062217951 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:55.261111021 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:55.261198044 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:55.459958076 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:55.460069895 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:55.659121037 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:55.659285069 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:55.858165979 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:55.861329079 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:56.060156107 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:56.060214996 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:56.259126902 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:56.259371042 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:56.458177090 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:56.458265066 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:56.657118082 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:56.657347918 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:56.856259108 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:56.856360912 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:57.055901051 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:57.056056023 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:57.254909992 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:57.255759001 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:57.454543114 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:57.457689047 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:57.656379938 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:57.657866001 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:57.856694937 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:57.857932091 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:58.056749105 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:58.057395935 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:58.256196022 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:58.256373882 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:58.455262899 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:58.455326080 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:58.654218912 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:58.654347897 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:58.853152990 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:58.853444099 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:59.052484035 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:59.052571058 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:59.251583099 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:59.251879930 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:59.450927973 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:59.451153994 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:59.650326967 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:59.650515079 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:48:59.849535942 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:48:59.849611998 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:00.048693895 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:00.048881054 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:00.247996092 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:00.248178959 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:00.446983099 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:00.447047949 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:00.646044016 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:00.646276951 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:00.845235109 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:00.845413923 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:01.044642925 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:01.044735909 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:01.243777037 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:01.243876934 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:01.442810059 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:01.443089008 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:01.642374039 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:01.642469883 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:01.841811895 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:01.842034101 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:02.040879965 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:02.040971994 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:02.239712000 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:02.239903927 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:02.438823938 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:02.439009905 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:02.638221025 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:02.638529062 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:02.837553024 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:02.837814093 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:03.036936045 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:03.037003994 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:03.236063957 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:03.236275911 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:03.435168028 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:03.435339928 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:03.634265900 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:03.634576082 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:03.833482027 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:03.833787918 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:04.032727957 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:04.032883883 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:04.231777906 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:04.231925011 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:04.430900097 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:04.431066036 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:04.629945993 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:04.630072117 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:04.829121113 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:04.829332113 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:05.028347015 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:05.028439999 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:05.227416039 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:05.227510929 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:05.426582098 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:05.426788092 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:05.626077890 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:05.626363993 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:05.825269938 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:05.825351954 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:06.024398088 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:06.024589062 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:06.223412037 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:06.223565102 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:06.422370911 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:06.422461987 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:06.621386051 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:06.621551037 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:06.820452929 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:06.820671082 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:07.019706964 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:07.019773960 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:07.218825102 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:07.219028950 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:07.418025017 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:07.418231964 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:07.617276907 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:07.617351055 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:07.816297054 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:07.816643000 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:08.015467882 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:08.015816927 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:08.215044022 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:08.215214014 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:08.414436102 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:08.414633036 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:08.614031076 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:08.614176035 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:08.813350916 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:08.813426018 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:09.012501955 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:09.012619972 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:09.211678982 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:09.433489084 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:09.632509947 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:09.632582903 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:09.831482887 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:10.902467012 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:11.101428986 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:11.101677895 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:11.300791979 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:11.301079035 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:11.500056028 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:11.500227928 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:11.699254036 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:11.699362993 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:11.898205996 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:11.898300886 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:12.097145081 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:12.097271919 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:12.296406984 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:12.296624899 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:12.495734930 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:12.495820045 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:12.694557905 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:12.694816113 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:12.893807888 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:12.894012928 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:13.092955112 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:13.093202114 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:13.292248964 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:13.292409897 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:13.491264105 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:13.491336107 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:13.690418005 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:13.690653086 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:13.889759064 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:13.889919043 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:14.088826895 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:14.088968992 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:14.287970066 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:14.288038969 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:14.487060070 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:14.487237930 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:14.686359882 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:14.686450958 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:14.885715961 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:14.885977983 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:15.085140944 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:15.085268974 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:15.284378052 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:15.284537077 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:15.483671904 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:15.483793974 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:15.682841063 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:15.682955980 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:15.882064104 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:15.882205009 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:16.081348896 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:16.081557989 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:16.280541897 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:16.280730009 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:16.479810953 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:16.479995966 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:16.679151058 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:16.679239988 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:16.878099918 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:16.878340006 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:17.077471018 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:17.077740908 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:17.276638031 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:17.276736975 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:17.475672960 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:17.475792885 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:17.674727917 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:17.674828053 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:17.875085115 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:17.875202894 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:18.074395895 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:18.074666977 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:18.273776054 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:18.274025917 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:18.473257065 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:18.473440886 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:18.672660112 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:18.672789097 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:18.871941090 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:18.872060061 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:19.071141005 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:19.071237087 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:19.270488024 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:19.270777941 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:19.469985008 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:19.470132113 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:19.669086933 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:19.669177055 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:19.868340969 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:19.868455887 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:20.067588091 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:20.067842960 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:20.266778946 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:20.266860008 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:20.465615988 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:20.465801001 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:20.664643049 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:20.664894104 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:20.864068985 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:20.864142895 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:21.063347101 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:21.063476086 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:21.262393951 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:21.262502909 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:21.461317062 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:21.461405993 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:21.660116911 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:21.660375118 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:21.859185934 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:21.859483004 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:22.058286905 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:22.058377028 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:22.257329941 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:22.257392883 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:22.456137896 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:22.456209898 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:22.654948950 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:22.655025005 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:22.853776932 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:22.853836060 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:23.052680016 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:23.052920103 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:23.251944065 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:23.252126932 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:23.451101065 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:23.451466084 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:23.650583982 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:23.651786089 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:23.851244926 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:23.852689981 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:24.051726103 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:24.051847935 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:24.250786066 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:24.252099991 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:24.450989962 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:24.453727961 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:24.652724981 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:24.653022051 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:24.852076054 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:24.852154016 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:25.051053047 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:25.051290035 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:25.250159025 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:25.250247002 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:25.449104071 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:25.449184895 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:25.648086071 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:25.648224115 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:25.847188950 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:25.847280025 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:26.046294928 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:26.046390057 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:26.245338917 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:28.083578110 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:28.282978058 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:28.283189058 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:28.482280016 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:28.482633114 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:28.681706905 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:28.681773901 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:28.880829096 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:28.880954027 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:29.080295086 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:29.080553055 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:29.279444933 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:29.279577971 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:29.478578091 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:29.478832006 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:29.677817106 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:29.678081989 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:29.876951933 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:29.877132893 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:30.076047897 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:30.076145887 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:30.275357962 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:30.275758982 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:30.474740982 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:30.474822998 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:30.673855066 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:30.674139023 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:30.873378038 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:30.873466015 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:31.072539091 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:31.072654963 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:31.271792889 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:31.271954060 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:31.470992088 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:31.471190929 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:31.670295000 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:31.670360088 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:31.869255066 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:31.869503021 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:32.068460941 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:32.068558931 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:32.267445087 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:32.267523050 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:32.466315031 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:32.466379881 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:32.665189981 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:32.665380955 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:32.864191055 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:32.864262104 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:33.063246965 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:33.063558102 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:33.262402058 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:33.262517929 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:33.461401939 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:33.461491108 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:33.660518885 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:33.660712004 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:33.860414982 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:33.860594988 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:34.059573889 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:34.059715033 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:34.258879900 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:34.259059906 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:34.458035946 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:34.458267927 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:34.657149076 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:34.657241106 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:34.856036901 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:34.856136084 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:35.054984093 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:35.055277109 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:35.254240036 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:35.254313946 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:35.453227997 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:35.453418016 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:35.652426958 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:35.652669907 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:35.851521015 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:35.851783991 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:36.050864935 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:36.050996065 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:36.249819994 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:36.250015020 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:36.448934078 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:36.449119091 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:36.647952080 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:36.648264885 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:36.847320080 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:36.847515106 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:37.046638966 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:37.046912909 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:37.245951891 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:37.246157885 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:37.445152998 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:37.445430040 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:37.644609928 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:37.644884109 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:37.844062090 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:37.844440937 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:38.043459892 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:38.043793917 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:38.242995977 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:38.243302107 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:38.442255974 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:38.442482948 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:38.641562939 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:38.641865969 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:38.840959072 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:38.841108084 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:39.040143013 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:39.040431023 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:39.239443064 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:39.239619970 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:39.438582897 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:39.438705921 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:39.637640953 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:39.638082027 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:39.837249041 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:39.837366104 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:40.036736012 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:40.036935091 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:40.237529039 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:40.237612009 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:40.438553095 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:40.438640118 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:40.637696981 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:40.637902975 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:40.837335110 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:40.837721109 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:41.036806107 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:41.036879063 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:41.235951900 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:41.236052036 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:41.435313940 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:41.435547113 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:41.634798050 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:41.634875059 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:41.833803892 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:41.833998919 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:42.032931089 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:42.033025980 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:42.231966972 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:42.232038021 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:42.431022882 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:42.431154013 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:42.630193949 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:42.630280018 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:42.829396009 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:42.829543114 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:43.029088020 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:43.029233932 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:43.228790998 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:43.229027033 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:43.428271055 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:43.877068043 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:44.076175928 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:45.341370106 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:45.540376902 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:45.540447950 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:45.739547968 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:45.739908934 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:45.938954115 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:45.939028978 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:46.138022900 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:46.138232946 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:46.337080956 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:46.337169886 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:46.536115885 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:46.536192894 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:46.735313892 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:46.735469103 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:46.934453011 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:46.934700012 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:47.133663893 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:47.133740902 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:47.332752943 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:47.332902908 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:47.531944036 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:47.532329082 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:47.731359005 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:47.731430054 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:47.930306911 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:47.930500031 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:48.129296064 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:48.129365921 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:48.328284979 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:48.328360081 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:48.527370930 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:48.527534008 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:48.726466894 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:48.726707935 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:48.925529003 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:48.925775051 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:49.124695063 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:49.124816895 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:49.323757887 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:49.323859930 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:49.522804976 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:49.522883892 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:49.721828938 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:49.721965075 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:49.921134949 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:49.921293974 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:50.120146036 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:50.120342016 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:50.319202900 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:50.319505930 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:50.518668890 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:50.518912077 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:50.717982054 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:50.718115091 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:50.917248011 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:50.917596102 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:51.117099047 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:51.117175102 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:51.315988064 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:51.316070080 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:51.514890909 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:51.515177965 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:51.714198112 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:51.714299917 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:51.913392067 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:51.913602114 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:52.112905979 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:52.113158941 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:52.312319040 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:52.312402010 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:52.511817932 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:52.511967897 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:52.711286068 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:52.711556911 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:52.910862923 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:52.911010027 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:53.110436916 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:53.110641003 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:53.310653925 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:53.310962915 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:53.510385990 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:53.510492086 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:53.709702969 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:53.709918976 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:53.909277916 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:53.909461975 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:54.108639002 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:54.108752012 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:54.307771921 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:54.307961941 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:54.507050037 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:54.507441044 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:54.706656933 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:54.706988096 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:54.906229019 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:54.906352997 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:55.105262041 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:55.105356932 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:55.304164886 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:55.304353952 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:55.503216982 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:55.503314018 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:55.702198982 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:55.702276945 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:55.901351929 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:55.901456118 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:56.100629091 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:56.100733995 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:56.299835920 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:56.299926043 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:56.498851061 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:56.498941898 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:56.697988033 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:56.698141098 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:56.897423029 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:56.897532940 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:57.096472979 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:57.096585989 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:57.295516014 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:57.295641899 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:57.494534969 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:57.494610071 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:57.693622112 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:57.693851948 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:57.893008947 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:57.893105030 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:58.092147112 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:58.092230082 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:58.291275978 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:58.291376114 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:58.490636110 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:58.490844965 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:58.689982891 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:58.690066099 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:58.889204979 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:58.889337063 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:59.088486910 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:59.088682890 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:59.287772894 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:59.287847996 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:59.486619949 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:59.486913919 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:59.685817003 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:59.686121941 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:49:59.884936094 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:49:59.885030031 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:00.084011078 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:00.084115028 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:00.283154011 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:00.283247948 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:00.482440948 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:00.482623100 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:00.682133913 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:00.682240009 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:00.881345987 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:00.903740883 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:01.103291988 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:02.578895092 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:02.777952909 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:02.778075933 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:02.976897001 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:02.976994991 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:03.175790071 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:03.175882101 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:03.374654055 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:03.374732018 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:03.577020884 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:03.577126980 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:03.776218891 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:03.776336908 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:03.975442886 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:03.975549936 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:04.175187111 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:04.175297976 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:04.374433041 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:04.374526978 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:04.574295998 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:04.574418068 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:04.773430109 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:04.773509026 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:04.972440004 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:04.972573996 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:05.143338919 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:05.143490076 CET4973616992192.168.2.43.68.171.119
                                                      Feb 11, 2024 06:50:05.171531916 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:05.342248917 CET16992497363.68.171.119192.168.2.4
                                                      Feb 11, 2024 06:50:07.280173063 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:07.487283945 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:07.487473965 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:07.531136036 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:07.738277912 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:07.738358974 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:07.945194006 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:07.945271969 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:08.152173042 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:08.152339935 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:08.359319925 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:08.359477997 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:08.566694021 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:08.566939116 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:08.773958921 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:08.774039984 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:08.981157064 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:08.981312990 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:09.188110113 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:09.188266039 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:09.394999027 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:09.395087004 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:09.602077961 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:09.602307081 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:09.809264898 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:09.809528112 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:10.016794920 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:10.016902924 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:10.224164963 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:10.224451065 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:10.431490898 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:10.431705952 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:10.638801098 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:10.638948917 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:10.846316099 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:10.846705914 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:11.053845882 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:11.053962946 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:11.260902882 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:11.261033058 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:11.468089104 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:11.468203068 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:11.675175905 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:11.675290108 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:11.882102966 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:11.882234097 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:12.089327097 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:12.089461088 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:12.296534061 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:12.296742916 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:12.504182100 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:12.504288912 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:12.711308956 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:12.711491108 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:12.918561935 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:12.918667078 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:13.125829935 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:13.125941038 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:13.332818985 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:13.332886934 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:13.540045023 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:13.540242910 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:13.747361898 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:13.747476101 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:13.954632044 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:13.954917908 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:14.161995888 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:14.162246943 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:14.369545937 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:14.369638920 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:14.576632977 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:14.576754093 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:14.783854008 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:14.783968925 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:14.990914106 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:14.991060019 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:15.197910070 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:15.198074102 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:15.404927969 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:15.405211926 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:15.612085104 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:15.612195015 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:15.819027901 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:15.819134951 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:16.026573896 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:16.026654959 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:16.233514071 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:16.233639956 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:16.440505028 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:16.440716982 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:16.647468090 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:16.647691965 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:16.854368925 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:16.854449987 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:17.061168909 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:17.061233044 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:17.268090963 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:17.268292904 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:17.475308895 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:17.475425005 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:17.682559967 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:17.682656050 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:17.889575005 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:19.695789099 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:19.902638912 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:19.902904987 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:20.109684944 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:20.109810114 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:20.316723108 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:20.316906929 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:20.523644924 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:20.523730993 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:20.730777979 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:20.730870008 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:20.937649012 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:20.937851906 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:21.144629955 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:21.144746065 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:21.351524115 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:21.351604939 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:21.558373928 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:21.558620930 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:21.765454054 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:21.765674114 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:21.972486019 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:21.972619057 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:22.179457903 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:22.179589033 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:22.386338949 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:22.386604071 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:22.593489885 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:22.593568087 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:22.800621986 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:22.800719023 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:23.007438898 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:23.007755041 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:23.214657068 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:23.214828014 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:23.421614885 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:23.421730995 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:23.628554106 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:23.628693104 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:23.835886955 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:23.835988998 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:24.042785883 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:24.042996883 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:24.249815941 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:24.250020981 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:24.456929922 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:24.457067013 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:24.664169073 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:24.664429903 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:24.871381998 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:24.871455908 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:25.078368902 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:25.078707933 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:25.285815954 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:25.286086082 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:25.492964983 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:25.493046999 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:25.700299978 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:25.700431108 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:25.907360077 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:25.907474995 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:26.114703894 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:26.114806890 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:26.321834087 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:26.321932077 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:26.528810978 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:26.529071093 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:26.736232042 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:26.736318111 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:26.943193913 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:26.943315029 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:27.150224924 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:27.150487900 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:27.357382059 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:27.357451916 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:27.564428091 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:27.564543009 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:27.771398067 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:27.771769047 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:27.978876114 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:27.979031086 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:28.185880899 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:28.186014891 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:28.392889023 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:28.393076897 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:28.599956989 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:28.600033045 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:28.806900978 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:28.807041883 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:29.014027119 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:29.014389038 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:29.221472979 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:29.221553087 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:29.428667068 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:29.428844929 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:29.635730028 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:29.635927916 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:29.842847109 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:29.843034029 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:30.049997091 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:30.050239086 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:30.257059097 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:30.257189989 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:30.464118004 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:30.464220047 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:30.671180010 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:30.671356916 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:30.878375053 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:30.878494024 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:31.085685968 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:31.085836887 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:31.292761087 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:31.293061972 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:31.499836922 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:31.500112057 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:31.707258940 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:31.707592964 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:31.914815903 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:31.914928913 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:32.121737003 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:32.121838093 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:32.328964949 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:32.329121113 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:32.536218882 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:32.536478043 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:32.743251085 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:32.743341923 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:32.950952053 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:32.951054096 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:33.157944918 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:33.158056021 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:33.364803076 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:33.364911079 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:33.571708918 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:33.571785927 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:33.778650999 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:33.778973103 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:33.985872984 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:33.985960007 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:34.192864895 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:34.192969084 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:34.400584936 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:34.400955915 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:34.608161926 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:34.608287096 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:34.815284967 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:34.815686941 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:35.022620916 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:35.326179028 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:35.533025980 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:36.770117998 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:36.976861954 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:36.976938963 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:37.184983969 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:37.185173988 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:37.392040014 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:37.392307043 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:37.599268913 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:37.599477053 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:37.806587934 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:37.806788921 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:38.013967037 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:38.014091015 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:38.221261024 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:38.221358061 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:38.428494930 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:38.428610086 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:38.635457993 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:38.635529995 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:38.842669964 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:38.842891932 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:39.049958944 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:39.050077915 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:39.257158995 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:39.257231951 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:39.464186907 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:39.464477062 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:39.671511889 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:39.671724081 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:39.878882885 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:39.878962994 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:40.085793972 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:40.085931063 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:40.292876005 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:40.292990923 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:40.499975920 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:40.500051022 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:40.707251072 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:40.707395077 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:40.914483070 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:40.914563894 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:41.121500015 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:41.121566057 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:41.328372955 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:41.328511953 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:41.535377979 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:41.535530090 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:41.742275953 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:41.742336988 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:41.949129105 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:41.949372053 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:42.156142950 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:42.156307936 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:42.363260031 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:42.363334894 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:42.570120096 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:42.570245981 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:42.777303934 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:42.777430058 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:42.984266043 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:42.984379053 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:43.191303968 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:43.191431999 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:43.398242950 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:43.398583889 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:43.605468988 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:43.605566025 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:43.812334061 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:43.812505007 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:44.019355059 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:44.019457102 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:44.226353884 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:44.226557016 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:44.433574915 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:44.433835983 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:44.640966892 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:44.641112089 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:44.848000050 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:44.848114014 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:45.055044889 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:45.055145979 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:45.262264013 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:45.262449980 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:45.469561100 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:45.469739914 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:45.676721096 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:45.677119970 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:45.884181023 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:45.884277105 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:46.091469049 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:46.091612101 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:46.299320936 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:46.299495935 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:46.506371021 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:46.506599903 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:46.713490963 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:46.713653088 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:46.920665979 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:46.920934916 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:47.127758026 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:47.127985954 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:47.335072994 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:47.335170031 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:47.542244911 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:47.542330027 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:47.749371052 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:47.749495029 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:47.956517935 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:47.956607103 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:48.164474010 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:48.164556980 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:48.373625994 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:48.373791933 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:48.580852985 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:48.581052065 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:48.788132906 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:48.788218975 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:48.995066881 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:48.995201111 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:49.202414989 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:49.202543974 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:49.409486055 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:49.409619093 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:49.616651058 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:49.616758108 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:49.823740005 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:49.823875904 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:50.031048059 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:50.031362057 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:50.238627911 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:50.238708973 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:50.445658922 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:50.445756912 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:50.652798891 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:50.653119087 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:50.860337019 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:50.860635042 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:51.067718983 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:51.067806005 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:51.274705887 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:51.274971962 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:51.482045889 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:51.482115984 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:51.688854933 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:51.689055920 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:51.895848989 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:51.896054983 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:52.102869987 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:52.102941990 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:52.309998035 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:52.310066938 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:52.516838074 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:54.146159887 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:54.353313923 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:54.353416920 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:54.560168982 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:54.560359955 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:54.767210007 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:54.767282009 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:54.974059105 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:54.974252939 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:55.181265116 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:55.181349993 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:55.388407946 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:55.388547897 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:55.595530987 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:55.595643044 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:55.802623034 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:55.802726030 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:56.009763002 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:56.009835958 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:56.216809988 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:56.217000008 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:56.424072981 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:56.577060938 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:56.784410954 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:56.784672976 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:56.992218971 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:56.992535114 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:57.199625969 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:57.199786901 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:57.406793118 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:57.407031059 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:57.614329100 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:57.614489079 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:57.821341991 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:57.821460962 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:58.028439999 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:58.028721094 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:58.236064911 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:58.236152887 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:58.443061113 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:58.443136930 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:58.649926901 CET169924973852.28.247.255192.168.2.4
                                                      Feb 11, 2024 06:50:58.650027990 CET4973816992192.168.2.452.28.247.255
                                                      Feb 11, 2024 06:50:58.857048035 CET169924973852.28.247.255192.168.2.4

                                                      UDP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Feb 11, 2024 06:47:01.233510971 CET5424753192.168.2.41.1.1.1
                                                      Feb 11, 2024 06:47:01.353415966 CET53542471.1.1.1192.168.2.4
                                                      Feb 11, 2024 06:50:07.159255028 CET5450653192.168.2.41.1.1.1
                                                      Feb 11, 2024 06:50:07.279109001 CET53545061.1.1.1192.168.2.4

                                                      DNS Queries

                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                      Feb 11, 2024 06:47:01.233510971 CET192.168.2.41.1.1.10xbd8aStandard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                                      Feb 11, 2024 06:50:07.159255028 CET192.168.2.41.1.1.10x1d7aStandard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false

                                                      DNS Answers

                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                      Feb 11, 2024 06:47:01.353415966 CET1.1.1.1192.168.2.40xbd8aNo error (0)6.tcp.eu.ngrok.io3.68.171.119A (IP address)IN (0x0001)false
                                                      Feb 11, 2024 06:50:07.279109001 CET1.1.1.1192.168.2.40x1d7aNo error (0)6.tcp.eu.ngrok.io52.28.247.255A (IP address)IN (0x0001)false

                                                      Statistics

                                                      CPU Usage

                                                      Click to jump to process

                                                      Memory Usage

                                                      Click to jump to process

                                                      High Level Behavior Distribution

                                                      Click to dive into process behavior distribution

                                                      Behavior

                                                      Click to jump to process

                                                      System Behavior

                                                      General

                                                      Target ID:0
                                                      Start time:06:46:52
                                                      Start date:11/02/2024
                                                      Path:C:\Users\user\Desktop\M5vARlA2c4.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user\Desktop\M5vARlA2c4.exe
                                                      Imagebase:0x190000
                                                      File size:44'032 bytes
                                                      MD5 hash:022ACABAF8AF0E28844B01F4929EE95C
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.1635018211.0000000000192000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000000.1635018211.0000000000192000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                                                      • Rule: Njrat, Description: detect njRAT in memory, Source: 00000000.00000000.1635018211.0000000000192000.00000002.00000001.01000000.00000003.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000002.4095165633.0000000002671000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:false

                                                      General

                                                      Target ID:1
                                                      Start time:06:47:07
                                                      Start date:11/02/2024
                                                      Path:C:\Users\user\Desktop\M5vARlA2c4.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\M5vARlA2c4.exe" ..
                                                      Imagebase:0x80000
                                                      File size:44'032 bytes
                                                      MD5 hash:022ACABAF8AF0E28844B01F4929EE95C
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:3
                                                      Start time:06:47:17
                                                      Start date:11/02/2024
                                                      Path:C:\Users\user\Desktop\M5vARlA2c4.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\M5vARlA2c4.exe" ..
                                                      Imagebase:0xa80000
                                                      File size:44'032 bytes
                                                      MD5 hash:022ACABAF8AF0E28844B01F4929EE95C
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:6
                                                      Start time:06:47:26
                                                      Start date:11/02/2024
                                                      Path:C:\Users\user\Desktop\M5vARlA2c4.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\M5vARlA2c4.exe" ..
                                                      Imagebase:0xd00000
                                                      File size:44'032 bytes
                                                      MD5 hash:022ACABAF8AF0E28844B01F4929EE95C
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      General

                                                      Target ID:7
                                                      Start time:06:47:34
                                                      Start date:11/02/2024
                                                      Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe"
                                                      Imagebase:0x4e0000
                                                      File size:44'032 bytes
                                                      MD5 hash:022ACABAF8AF0E28844B01F4929EE95C
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, Author: Joe Security
                                                      • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, Author: unknown
                                                      • Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, Author: Florian Roth
                                                      • Rule: Njrat, Description: detect njRAT in memory, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe, Author: JPCERT/CC Incident Response Group
                                                      Antivirus matches:
                                                      • Detection: 100%, Avira
                                                      • Detection: 100%, Joe Sandbox ML
                                                      • Detection: 84%, ReversingLabs
                                                      • Detection: 85%, Virustotal, Browse
                                                      Reputation:low
                                                      Has exited:true

                                                      Disassembly

                                                      Reset < >

                                                        Execution Graph

                                                        Execution Coverage:9.4%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:1.6%
                                                        Total number of Nodes:183
                                                        Total number of Limit Nodes:15
                                                        execution_graph 28108 bed01c 28109 bed034 28108->28109 28110 bed08e 28109->28110 28115 4b5da59 28109->28115 28124 4b5bfa4 28109->28124 28133 4b5cd08 28109->28133 28137 4b5ccf8 28109->28137 28116 4b5da68 28115->28116 28117 4b5dac9 28116->28117 28119 4b5dab9 28116->28119 28120 4b5dac7 28117->28120 28172 4b5c0cc 28117->28172 28142 4b5dbf0 28119->28142 28153 4b5dbee 28119->28153 28164 4b5dcbc 28119->28164 28120->28120 28125 4b5bfaf 28124->28125 28126 4b5dac9 28125->28126 28128 4b5dab9 28125->28128 28127 4b5c0cc 3 API calls 28126->28127 28129 4b5dac7 28126->28129 28127->28129 28130 4b5dbf0 3 API calls 28128->28130 28131 4b5dcbc 3 API calls 28128->28131 28132 4b5dbee 3 API calls 28128->28132 28129->28129 28130->28129 28131->28129 28132->28129 28134 4b5cd2e 28133->28134 28135 4b5bfa4 3 API calls 28134->28135 28136 4b5cd4f 28135->28136 28136->28110 28138 4b5ccc5 28137->28138 28139 4b5cd06 28137->28139 28138->28110 28140 4b5bfa4 3 API calls 28139->28140 28141 4b5cd4f 28140->28141 28141->28110 28143 4b5dc04 28142->28143 28144 4b5dc1e 28142->28144 28150 4b5dc0b 28143->28150 28187 4b5c12c 28143->28187 28185 4b5c0fc CallWindowProcW CallWindowProcW CallWindowProcW 28144->28185 28147 4b5dc90 28147->28120 28148 4b5dc2d 28148->28150 28186 4b5c0fc CallWindowProcW CallWindowProcW CallWindowProcW 28148->28186 28179 4b5dc97 28150->28179 28182 4b5dca8 28150->28182 28154 4b5dc04 28153->28154 28155 4b5dc1e 28153->28155 28157 4b5c12c 3 API calls 28154->28157 28161 4b5dc0b 28154->28161 28197 4b5c0fc CallWindowProcW CallWindowProcW CallWindowProcW 28155->28197 28157->28161 28158 4b5dc90 28158->28120 28159 4b5dc2d 28159->28161 28198 4b5c0fc CallWindowProcW CallWindowProcW CallWindowProcW 28159->28198 28162 4b5dc97 3 API calls 28161->28162 28163 4b5dca8 3 API calls 28161->28163 28162->28158 28163->28158 28165 4b5dc7a 28164->28165 28166 4b5dcca 28164->28166 28167 4b5c12c 3 API calls 28165->28167 28168 4b5dc85 28167->28168 28170 4b5dc97 3 API calls 28168->28170 28171 4b5dca8 3 API calls 28168->28171 28169 4b5dc90 28169->28120 28170->28169 28171->28169 28173 4b5c0d7 28172->28173 28174 4b5f152 28173->28174 28175 4b5f1fc 28173->28175 28177 4b5f1aa CallWindowProcW 28174->28177 28178 4b5f159 28174->28178 28176 4b5bfa4 2 API calls 28175->28176 28176->28178 28177->28178 28178->28120 28180 4b5dcb9 28179->28180 28194 4b5f0e0 28179->28194 28180->28147 28183 4b5dcb9 28182->28183 28184 4b5f0e0 3 API calls 28182->28184 28183->28147 28184->28183 28185->28148 28186->28150 28188 4b5c137 28187->28188 28189 4b5f152 28188->28189 28190 4b5f1fc 28188->28190 28192 4b5f1aa CallWindowProcW 28189->28192 28193 4b5f159 28189->28193 28191 4b5bfa4 2 API calls 28190->28191 28191->28193 28192->28193 28193->28150 28195 4b5c0cc 3 API calls 28194->28195 28196 4b5f0fa 28195->28196 28196->28180 28197->28159 28198->28161 28199 c30de0 28200 c30df6 28199->28200 28203 c34031 28200->28203 28204 c33ffd 28203->28204 28205 c3403f 28203->28205 28206 c34556 28205->28206 28209 4b51e00 28205->28209 28213 4b51df0 28205->28213 28210 4b51e09 28209->28210 28217 4b519d0 28210->28217 28214 4b51e09 28213->28214 28215 4b519d0 5 API calls 28214->28215 28216 4b51e19 28215->28216 28216->28206 28218 4b519db 28217->28218 28221 4b52ac0 28218->28221 28222 4b52acb 28221->28222 28223 4b53e5c 28222->28223 28225 4b54038 28222->28225 28226 4b54059 28225->28226 28227 4b5407d 28226->28227 28230 4b541e8 28226->28230 28234 4b541d8 28226->28234 28227->28223 28231 4b541f5 28230->28231 28232 4b5422e 28231->28232 28238 4b53af4 28231->28238 28232->28227 28237 4b541f5 28234->28237 28235 4b5422e 28235->28227 28236 4b53af4 5 API calls 28236->28235 28237->28235 28237->28236 28239 4b53aff 28238->28239 28241 4b542a0 28239->28241 28242 4b53b28 28239->28242 28243 4b53b33 28242->28243 28249 4b53b38 28243->28249 28245 4b5430f 28253 4b5a298 28245->28253 28262 4b5a2b0 28245->28262 28246 4b54349 28246->28241 28252 4b53b43 28249->28252 28250 4b55887 28250->28245 28251 4b54038 5 API calls 28251->28250 28252->28250 28252->28251 28255 4b5a2e1 28253->28255 28257 4b5a3e1 28253->28257 28254 4b5a2ed 28254->28246 28255->28254 28271 4b5a528 28255->28271 28275 4b5a51a 28255->28275 28256 4b5a32d 28279 4b5b819 28256->28279 28291 4b5b828 28256->28291 28257->28246 28264 4b5a2e1 28262->28264 28266 4b5a3e1 28262->28266 28263 4b5a2ed 28263->28246 28264->28263 28269 4b5a528 4 API calls 28264->28269 28270 4b5a51a 4 API calls 28264->28270 28265 4b5a32d 28267 4b5b819 2 API calls 28265->28267 28268 4b5b828 2 API calls 28265->28268 28266->28246 28267->28266 28268->28266 28269->28265 28270->28265 28273 4b5a569 GetModuleHandleW LoadLibraryExW GetModuleHandleW 28271->28273 28274 4b5a578 GetModuleHandleW LoadLibraryExW GetModuleHandleW 28271->28274 28272 4b5a532 28272->28256 28273->28272 28274->28272 28276 4b5a532 28275->28276 28277 4b5a569 GetModuleHandleW LoadLibraryExW GetModuleHandleW 28275->28277 28278 4b5a578 GetModuleHandleW LoadLibraryExW GetModuleHandleW 28275->28278 28276->28256 28277->28276 28278->28276 28280 4b5b827 28279->28280 28281 4b59524 GetModuleHandleW 28280->28281 28282 4b5b8ba 28281->28282 28289 4b59524 GetModuleHandleW 28282->28289 28290 4b5bcd8 GetModuleHandleW 28282->28290 28283 4b5b8d6 28284 4b59454 GetModuleHandleW 28283->28284 28286 4b5b902 28283->28286 28285 4b5b946 28284->28285 28287 4b5caf0 CreateWindowExW 28285->28287 28288 4b5cb00 CreateWindowExW 28285->28288 28287->28286 28288->28286 28289->28283 28290->28283 28292 4b5b853 28291->28292 28293 4b59524 GetModuleHandleW 28292->28293 28294 4b5b8ba 28293->28294 28299 4b59524 GetModuleHandleW 28294->28299 28300 4b5bcd8 GetModuleHandleW 28294->28300 28295 4b5b8d6 28296 4b5b902 28295->28296 28297 4b59454 GetModuleHandleW 28295->28297 28296->28296 28298 4b5b946 28297->28298 28301 4b5caf0 CreateWindowExW 28298->28301 28302 4b5cb00 CreateWindowExW 28298->28302 28299->28295 28300->28295 28301->28296 28302->28296 28303 c30ea0 28304 c30eae 28303->28304 28305 c30e5e 28303->28305 28307 c34031 5 API calls 28305->28307 28306 c30e99 28307->28306 28308 4b52af0 28309 4b52b36 GetCurrentProcess 28308->28309 28311 4b52b81 28309->28311 28312 4b52b88 GetCurrentThread 28309->28312 28311->28312 28313 4b52bc5 GetCurrentProcess 28312->28313 28314 4b52bbe 28312->28314 28316 4b52bfb 28313->28316 28314->28313 28315 4b52c23 GetCurrentThreadId 28317 4b52c54 28315->28317 28320 4b52cd0 28316->28320 28323 4b52cc0 28316->28323 28326 4b526cc 28320->28326 28324 4b52cfe 28323->28324 28325 4b526cc DuplicateHandle 28323->28325 28324->28315 28325->28324 28327 4b52d38 DuplicateHandle 28326->28327 28328 4b52cfe 28327->28328 28328->28315 28329 c3a828 28330 c3a85c CreateProcessW 28329->28330 28332 c3aa2b 28330->28332

                                                        Executed Functions

                                                        Function 00C3D698 Relevance: 8.4, Strings: 6, Instructions: 890COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4094496693.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_c30000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (okq$(okq$(okq$,oq$,oq$Hoq
                                                        • API String ID: 0-2698134226
                                                        • Opcode ID: dfc17f320303e72132fb37aca9a42828f771862a861946318e2cb45b250e8c38
                                                        • Instruction ID: 6dfc6e4ab8dc2b4a280684e6a1ed7860214335d13de095ad0ab7cae15578c032
                                                        • Opcode Fuzzy Hash: dfc17f320303e72132fb37aca9a42828f771862a861946318e2cb45b250e8c38
                                                        • Instruction Fuzzy Hash: 78725270A102199FCB14DF69D984AAEBBF6FF88300F148569E416EB3A5DB34DD41CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00C3A7D7 Relevance: 1.8, APIs: 1, Instructions: 266processCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1213 c3a7d7-c3a7fc 1217 c3a7fe-c3a85a 1213->1217 1218 c3a85c-c3a89c 1213->1218 1217->1218 1223 c3a8a7-c3a8ae 1218->1223 1224 c3a89e-c3a8a4 1218->1224 1225 c3a8b0-c3a8b6 1223->1225 1226 c3a8b9-c3a8c0 1223->1226 1224->1223 1225->1226 1227 c3a8c2-c3a8de 1226->1227 1228 c3a8df-c3a8e3 1226->1228 1227->1228 1229 c3a903-c3a913 1228->1229 1230 c3a8e5-c3a8fb 1228->1230 1231 c3a932-c3a936 1229->1231 1232 c3a915-c3a931 1229->1232 1230->1229 1233 c3a957-c3a970 1231->1233 1234 c3a938-c3a94f 1231->1234 1232->1231 1235 c3a972-c3a97b 1233->1235 1236 c3a97e-c3a987 1233->1236 1234->1233 1235->1236 1237 c3a9a2-c3a9a6 1236->1237 1238 c3a989-c3a9a0 1236->1238 1239 c3a9c1-c3a9d5 1237->1239 1240 c3a9a8-c3a9b9 1237->1240 1238->1237 1241 c3a9d7 1239->1241 1242 c3a9da-c3aa29 CreateProcessW 1239->1242 1240->1239 1241->1242 1243 c3aa32-c3aa63 1242->1243 1244 c3aa2b-c3aa31 1242->1244 1247 c3aa65-c3aa69 1243->1247 1248 c3aa78-c3aa7c 1243->1248 1244->1243 1247->1248 1249 c3aa6b-c3aa6e 1247->1249 1250 c3aa91-c3aa95 1248->1250 1251 c3aa7e-c3aa82 1248->1251 1249->1248 1252 c3aa97-c3aa9b 1250->1252 1253 c3aaaa-c3aaae 1250->1253 1251->1250 1254 c3aa84-c3aa87 1251->1254 1252->1253 1255 c3aa9d-c3aaa0 1252->1255 1256 c3aab0-c3aabc 1253->1256 1257 c3aabf 1253->1257 1254->1250 1255->1253 1256->1257 1259 c3aac0 1257->1259 1259->1259
                                                        APIs
                                                        • CreateProcessW.KERNELBASE(?,?,00000000,00000000,?,?,?,00000000,00000000,?), ref: 00C3AA19
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4094496693.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_c30000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0
                                                        • Opcode ID: 8cf63569c4ab2a8c30af966d1ffafac39c07ff5c41287164186a1e98bed7abc2
                                                        • Instruction ID: fa49f06bba90fd02319b225dc4a72365ea3d7b0c00af144603f87c36d7ea8bb4
                                                        • Opcode Fuzzy Hash: 8cf63569c4ab2a8c30af966d1ffafac39c07ff5c41287164186a1e98bed7abc2
                                                        • Instruction Fuzzy Hash: D7A15771D103499FDB15CFAAC8847DEBBF2AF88304F25812AE454A7290D7709996CF92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00C3A828 Relevance: 1.7, APIs: 1, Instructions: 215processCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1415 c3a828-c3a89c 1418 c3a8a7-c3a8ae 1415->1418 1419 c3a89e-c3a8a4 1415->1419 1420 c3a8b0-c3a8b6 1418->1420 1421 c3a8b9-c3a8c0 1418->1421 1419->1418 1420->1421 1422 c3a8c2-c3a8de 1421->1422 1423 c3a8df-c3a8e3 1421->1423 1422->1423 1424 c3a903-c3a913 1423->1424 1425 c3a8e5-c3a8fb 1423->1425 1426 c3a932-c3a936 1424->1426 1427 c3a915-c3a931 1424->1427 1425->1424 1428 c3a957-c3a970 1426->1428 1429 c3a938-c3a94f 1426->1429 1427->1426 1430 c3a972-c3a97b 1428->1430 1431 c3a97e-c3a987 1428->1431 1429->1428 1430->1431 1432 c3a9a2-c3a9a6 1431->1432 1433 c3a989-c3a9a0 1431->1433 1434 c3a9c1-c3a9d5 1432->1434 1435 c3a9a8-c3a9b9 1432->1435 1433->1432 1436 c3a9d7 1434->1436 1437 c3a9da-c3aa29 CreateProcessW 1434->1437 1435->1434 1436->1437 1438 c3aa32-c3aa63 1437->1438 1439 c3aa2b-c3aa31 1437->1439 1442 c3aa65-c3aa69 1438->1442 1443 c3aa78-c3aa7c 1438->1443 1439->1438 1442->1443 1444 c3aa6b-c3aa6e 1442->1444 1445 c3aa91-c3aa95 1443->1445 1446 c3aa7e-c3aa82 1443->1446 1444->1443 1447 c3aa97-c3aa9b 1445->1447 1448 c3aaaa-c3aaae 1445->1448 1446->1445 1449 c3aa84-c3aa87 1446->1449 1447->1448 1450 c3aa9d-c3aaa0 1447->1450 1451 c3aab0-c3aabc 1448->1451 1452 c3aabf 1448->1452 1449->1445 1450->1448 1451->1452 1454 c3aac0 1452->1454 1454->1454
                                                        APIs
                                                        • CreateProcessW.KERNELBASE(?,?,00000000,00000000,?,?,?,00000000,00000000,?), ref: 00C3AA19
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4094496693.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_c30000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0
                                                        • Opcode ID: 31626923342a834c255603a16b720c43593094f8ca97e1493032363a16824e25
                                                        • Instruction ID: 3dde11a7071eb4afce0e94be8506ee0700d9fb594601856a3131195d02accc19
                                                        • Opcode Fuzzy Hash: 31626923342a834c255603a16b720c43593094f8ca97e1493032363a16824e25
                                                        • Instruction Fuzzy Hash: D091F471D10309DFDB14CFA9C94479EBBF2AF88304F25812AE458B7250D770A995CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04B52AE0 Relevance: 6.1, APIs: 4, Instructions: 137threadCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 243 4b52ae0-4b52b7f GetCurrentProcess 247 4b52b81-4b52b87 243->247 248 4b52b88-4b52bbc GetCurrentThread 243->248 247->248 249 4b52bc5-4b52bf9 GetCurrentProcess 248->249 250 4b52bbe-4b52bc4 248->250 252 4b52c02-4b52c1a 249->252 253 4b52bfb-4b52c01 249->253 250->249 264 4b52c1d call 4b52cd0 252->264 265 4b52c1d call 4b52cc0 252->265 253->252 255 4b52c23-4b52c52 GetCurrentThreadId 257 4b52c54-4b52c5a 255->257 258 4b52c5b-4b52cbd 255->258 257->258 264->255 265->255
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32 ref: 04B52B6E
                                                        • GetCurrentThread.KERNEL32 ref: 04B52BAB
                                                        • GetCurrentProcess.KERNEL32 ref: 04B52BE8
                                                        • GetCurrentThreadId.KERNEL32 ref: 04B52C41
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4099917956.0000000004B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4b50000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID: Current$ProcessThread
                                                        • String ID:
                                                        • API String ID: 2063062207-0
                                                        • Opcode ID: 357f1d8e9428457ca9b47ff12b0b8c68b7e5c3bfd103bace6980cff496ac6f23
                                                        • Instruction ID: 2df80b00219605c85ebc97e2a94eb3f6f0dfdd3249ba467cbf8df00a538a5722
                                                        • Opcode Fuzzy Hash: 357f1d8e9428457ca9b47ff12b0b8c68b7e5c3bfd103bace6980cff496ac6f23
                                                        • Instruction Fuzzy Hash: E45164B09016098FDB18DFAAC548BDEBFF1EB48314F24C59AE408A7361D734A944CF66
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04B52AF0 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 266 4b52af0-4b52b7f GetCurrentProcess 270 4b52b81-4b52b87 266->270 271 4b52b88-4b52bbc GetCurrentThread 266->271 270->271 272 4b52bc5-4b52bf9 GetCurrentProcess 271->272 273 4b52bbe-4b52bc4 271->273 275 4b52c02-4b52c1a 272->275 276 4b52bfb-4b52c01 272->276 273->272 287 4b52c1d call 4b52cd0 275->287 288 4b52c1d call 4b52cc0 275->288 276->275 278 4b52c23-4b52c52 GetCurrentThreadId 280 4b52c54-4b52c5a 278->280 281 4b52c5b-4b52cbd 278->281 280->281 287->278 288->278
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32 ref: 04B52B6E
                                                        • GetCurrentThread.KERNEL32 ref: 04B52BAB
                                                        • GetCurrentProcess.KERNEL32 ref: 04B52BE8
                                                        • GetCurrentThreadId.KERNEL32 ref: 04B52C41
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4099917956.0000000004B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4b50000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID: Current$ProcessThread
                                                        • String ID:
                                                        • API String ID: 2063062207-0
                                                        • Opcode ID: 8ef21c815c2d426bc16a6515c1aca6a6217a2fbe4059762cf051b77dc3560eca
                                                        • Instruction ID: 2c453fd824d077568e886c0c59fa740405d929ef1e2a7e8720b619f10f526859
                                                        • Opcode Fuzzy Hash: 8ef21c815c2d426bc16a6515c1aca6a6217a2fbe4059762cf051b77dc3560eca
                                                        • Instruction Fuzzy Hash: 6E5135B09016098FDB18DFAAD548BDEFBF1EB48314F24C499E409A7360D774A944CF69
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04B5A578 Relevance: 1.7, APIs: 1, Instructions: 196COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1455 4b5a578-4b5a587 1456 4b5a5b3-4b5a5b7 1455->1456 1457 4b5a589-4b5a596 call 4b59454 1455->1457 1459 4b5a5b9-4b5a5c3 1456->1459 1460 4b5a5cb-4b5a60c 1456->1460 1463 4b5a5ac 1457->1463 1464 4b5a598 1457->1464 1459->1460 1466 4b5a60e-4b5a616 1460->1466 1467 4b5a619-4b5a627 1460->1467 1463->1456 1510 4b5a59e call 4b5a801 1464->1510 1511 4b5a59e call 4b5a810 1464->1511 1466->1467 1468 4b5a629-4b5a62e 1467->1468 1469 4b5a64b-4b5a64d 1467->1469 1471 4b5a630-4b5a637 call 4b59460 1468->1471 1472 4b5a639 1468->1472 1474 4b5a650-4b5a657 1469->1474 1470 4b5a5a4-4b5a5a6 1470->1463 1473 4b5a6e8-4b5a7a8 1470->1473 1476 4b5a63b-4b5a649 1471->1476 1472->1476 1505 4b5a7b0-4b5a7db GetModuleHandleW 1473->1505 1506 4b5a7aa-4b5a7ad 1473->1506 1477 4b5a664-4b5a66b 1474->1477 1478 4b5a659-4b5a661 1474->1478 1476->1474 1479 4b5a66d-4b5a675 1477->1479 1480 4b5a678-4b5a681 call 4b53a68 1477->1480 1478->1477 1479->1480 1486 4b5a683-4b5a68b 1480->1486 1487 4b5a68e-4b5a693 1480->1487 1486->1487 1488 4b5a695-4b5a69c 1487->1488 1489 4b5a6b1-4b5a6be 1487->1489 1488->1489 1491 4b5a69e-4b5a6ae call 4b576bc call 4b59470 1488->1491 1496 4b5a6e1-4b5a6e7 1489->1496 1497 4b5a6c0-4b5a6de 1489->1497 1491->1489 1497->1496 1507 4b5a7e4-4b5a7f8 1505->1507 1508 4b5a7dd-4b5a7e3 1505->1508 1506->1505 1508->1507 1510->1470 1511->1470
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4099917956.0000000004B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4b50000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: f4584d0a2009df966748b7c6904b972688ef2235616f7f8d4d4cd2bb62484c4e
                                                        • Instruction ID: 17919ec7f116d6790ad6343794aaa97214b3ae95dd835cebe40f06411f1b0d47
                                                        • Opcode Fuzzy Hash: f4584d0a2009df966748b7c6904b972688ef2235616f7f8d4d4cd2bb62484c4e
                                                        • Instruction Fuzzy Hash: 10710370A00B058FDB24DF69D05475ABBF5FB88304F008A6ED88AA7A60DB75F845CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04B5CB44 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2201 4b5cb44-4b5cbb6 2202 4b5cbc1-4b5cbc8 2201->2202 2203 4b5cbb8-4b5cbbe 2201->2203 2204 4b5cbd3-4b5cc0b 2202->2204 2205 4b5cbca-4b5cbd0 2202->2205 2203->2202 2206 4b5cc13-4b5cc72 CreateWindowExW 2204->2206 2205->2204 2207 4b5cc74-4b5cc7a 2206->2207 2208 4b5cc7b-4b5ccb3 2206->2208 2207->2208 2212 4b5ccb5-4b5ccb8 2208->2212 2213 4b5ccc0 2208->2213 2212->2213 2214 4b5ccc1 2213->2214 2214->2214
                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04B5CC62
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4099917956.0000000004B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4b50000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID: CreateWindow
                                                        • String ID:
                                                        • API String ID: 716092398-0
                                                        • Opcode ID: fa50aba657ef4193aae98f22461e1faa47d6421b760fd0f4f84a6b11294be261
                                                        • Instruction ID: da942c56c8fe42e3552455fe209699c758ffcea8af2f671e90df34edf1bb70b9
                                                        • Opcode Fuzzy Hash: fa50aba657ef4193aae98f22461e1faa47d6421b760fd0f4f84a6b11294be261
                                                        • Instruction Fuzzy Hash: 585190B1D003499FDB14CF99C984ADEBFB5FF48310F24816AE819AB221D775A985CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04B5BF7C Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2215 4b5bf7c-4b5cbb6 2217 4b5cbc1-4b5cbc8 2215->2217 2218 4b5cbb8-4b5cbbe 2215->2218 2219 4b5cbd3-4b5cc72 CreateWindowExW 2217->2219 2220 4b5cbca-4b5cbd0 2217->2220 2218->2217 2222 4b5cc74-4b5cc7a 2219->2222 2223 4b5cc7b-4b5ccb3 2219->2223 2220->2219 2222->2223 2227 4b5ccb5-4b5ccb8 2223->2227 2228 4b5ccc0 2223->2228 2227->2228 2229 4b5ccc1 2228->2229 2229->2229
                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04B5CC62
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4099917956.0000000004B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4b50000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID: CreateWindow
                                                        • String ID:
                                                        • API String ID: 716092398-0
                                                        • Opcode ID: dcf246158f984825bed0a3aa06e76ece3428556812e85a335f56d833ccf21a57
                                                        • Instruction ID: fadfc0ed2fc33c8982effae6e737b1b6b2e5aadef68a458863bec6d84646b7c6
                                                        • Opcode Fuzzy Hash: dcf246158f984825bed0a3aa06e76ece3428556812e85a335f56d833ccf21a57
                                                        • Instruction Fuzzy Hash: 535190B1D003499FDB14CF99C984ADEBFB5FF48310F24816AE819AB220D775A845CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04B5C0CC Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2230 4b5c0cc-4b5f14c 2233 4b5f152-4b5f157 2230->2233 2234 4b5f1fc-4b5f21c call 4b5bfa4 2230->2234 2236 4b5f159-4b5f190 2233->2236 2237 4b5f1aa-4b5f1e2 CallWindowProcW 2233->2237 2242 4b5f21f-4b5f22c 2234->2242 2245 4b5f192-4b5f198 2236->2245 2246 4b5f199-4b5f1a8 2236->2246 2239 4b5f1e4-4b5f1ea 2237->2239 2240 4b5f1eb-4b5f1fa 2237->2240 2239->2240 2240->2242 2245->2246 2246->2242
                                                        APIs
                                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 04B5F1D1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4099917956.0000000004B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4b50000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID: CallProcWindow
                                                        • String ID:
                                                        • API String ID: 2714655100-0
                                                        • Opcode ID: 7313a8a2122f4aa7e059918334bb2001c13bffeae5f8c2e25a7520f25e468b41
                                                        • Instruction ID: 2e19ccdbc1f0fb24418210fa5a950fde38d5febb9413c9a25449b26cb82bc8aa
                                                        • Opcode Fuzzy Hash: 7313a8a2122f4aa7e059918334bb2001c13bffeae5f8c2e25a7520f25e468b41
                                                        • Instruction Fuzzy Hash: 804108B5900245DFDB14DF99C848BAAFBF5FB88314F24C499E919AB321D735A841CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04B52D30 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2248 4b52d30-4b52d35 2249 4b52d38-4b52dcc DuplicateHandle 2248->2249 2250 4b52dd5-4b52df2 2249->2250 2251 4b52dce-4b52dd4 2249->2251 2251->2250
                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,04B52CFE,?,?,?,?,?), ref: 04B52DBF
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4099917956.0000000004B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4b50000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: 1fd78065106a8d1fb9531be43f33e68df888338f7bc929be4a36f748c7441118
                                                        • Instruction ID: 661c56dc7b82ee71cec6d7cbff7672fb996d27c119f222c022b8f2cba525fada
                                                        • Opcode Fuzzy Hash: 1fd78065106a8d1fb9531be43f33e68df888338f7bc929be4a36f748c7441118
                                                        • Instruction Fuzzy Hash: F321E5B59002189FDB10CFAAD584ADEFFF4EB48320F14855AE918A7350D379A944CF65
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04B526CC Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2254 4b526cc-4b52dcc DuplicateHandle 2256 4b52dd5-4b52df2 2254->2256 2257 4b52dce-4b52dd4 2254->2257 2257->2256
                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,04B52CFE,?,?,?,?,?), ref: 04B52DBF
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4099917956.0000000004B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4b50000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: c39ebb29b13e39300626a0f248131d7295796ca6dccd87d8bb29ebc8a613456c
                                                        • Instruction ID: 764e92cde494f9434ce46eb9cd06f3f0d75f058c404f89ad5060ca93af903766
                                                        • Opcode Fuzzy Hash: c39ebb29b13e39300626a0f248131d7295796ca6dccd87d8bb29ebc8a613456c
                                                        • Instruction Fuzzy Hash: 5D2114B5901218DFDB10CFAAD584AEEFFF4EB48320F14845AE918A7360D374A940CFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04B59498 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2260 4b59498-4b5aa10 2262 4b5aa12-4b5aa15 2260->2262 2263 4b5aa18-4b5aa47 LoadLibraryExW 2260->2263 2262->2263 2264 4b5aa50-4b5aa6d 2263->2264 2265 4b5aa49-4b5aa4f 2263->2265 2265->2264
                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,04B5A849,00000800,00000000,00000000), ref: 04B5AA3A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4099917956.0000000004B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4b50000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: d9fae241a6aa75deeaa276098a2ddac72449944c8ce371ee33d0feeee71c6fd3
                                                        • Instruction ID: 120534c08c09c49b9616dded3f772fbc8b9dc17204ea38f8484cbc249fa25922
                                                        • Opcode Fuzzy Hash: d9fae241a6aa75deeaa276098a2ddac72449944c8ce371ee33d0feeee71c6fd3
                                                        • Instruction Fuzzy Hash: 9A1112B69002089FDB20CF9AC544BDEFBF4EB48310F10856AE919B7210C375A545CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04B5A9C9 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,04B5A849,00000800,00000000,00000000), ref: 04B5AA3A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4099917956.0000000004B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4b50000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: 08fdf3c6f951aadaae5f01720411896f5e753565dc7882acccab5561a5c281f0
                                                        • Instruction ID: ffdd8a590881cd18e408edbe3609ac348e61365ce3b3a3e6e769915f639c6373
                                                        • Opcode Fuzzy Hash: 08fdf3c6f951aadaae5f01720411896f5e753565dc7882acccab5561a5c281f0
                                                        • Instruction Fuzzy Hash: 901114B6C002498FDB10CFAAD544BDEFBF4EB88310F14856AD859B7210C375A545CFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04B59454 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,04B5A594), ref: 04B5A7CE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4099917956.0000000004B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4b50000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: 31deb75873a641528e4616d000ba8f7ca08b0f088ac1ac503640b8da3a7c3634
                                                        • Instruction ID: e716349c6c521794e97f29472b8f57b809526ede1f35b3cddb6aee563f2f1915
                                                        • Opcode Fuzzy Hash: 31deb75873a641528e4616d000ba8f7ca08b0f088ac1ac503640b8da3a7c3634
                                                        • Instruction Fuzzy Hash: DD11FDB69002498BDB10DF9AD444B9EFBF4EB88324F10856AD929B7220D379A545CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00BDD5E0 Relevance: .1, Instructions: 75COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4094098011.0000000000BDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BDD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_bdd000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 417f5ee516ca75f656402f6588eb29836a3762ab512033f68f91ad06cfb8a350
                                                        • Instruction ID: a18b20d92f317ca1ca256228823526328ab4f7e34b1283016c3ec97c56659019
                                                        • Opcode Fuzzy Hash: 417f5ee516ca75f656402f6588eb29836a3762ab512033f68f91ad06cfb8a350
                                                        • Instruction Fuzzy Hash: 5F2100B1604240DFCB05DF54D9C0B26FFA5FB98314F24C6AAE9490B356D336D856CAE2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00BED01C Relevance: .1, Instructions: 72COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4094197674.0000000000BED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BED000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_bed000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 95c1c8fe01435508362e276654f8e70cd4c00fc4764b774446ceb41f281d5224
                                                        • Instruction ID: b7a09ac6b5dcb0f3567fbaa9a16fac67702bf0077cd66a8a86dbc9c0330cd85d
                                                        • Opcode Fuzzy Hash: 95c1c8fe01435508362e276654f8e70cd4c00fc4764b774446ceb41f281d5224
                                                        • Instruction Fuzzy Hash: 9D21F271604280DFCB14DF15D9D4B26BBA5FB84314F28C5ADD80A4B297C3BAD847CA61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00BED006 Relevance: .1, Instructions: 60COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4094197674.0000000000BED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BED000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_bed000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f6ccdebbb06e4b2bab58f9dad2a7c5fdb82631ab6f3d104d3b34998694fdad3e
                                                        • Instruction ID: bf970bc0bc59c2620b5907c30b3c387694d7af79bbb3c5306e72521d5cf4a353
                                                        • Opcode Fuzzy Hash: f6ccdebbb06e4b2bab58f9dad2a7c5fdb82631ab6f3d104d3b34998694fdad3e
                                                        • Instruction Fuzzy Hash: A321A4755093C08FCB02CF20D594715BFB1EB45314F28C5EAD8498B297C33AD80ACB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00BDD5DB Relevance: .1, Instructions: 56COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4094098011.0000000000BDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BDD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_bdd000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                        • Instruction ID: 9e57c978508af89c01ea1204de4d98fa1bc8037751efd3c466fb9c1a7b8cc741
                                                        • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                        • Instruction Fuzzy Hash: 07119D76504280CFCB16CF50D9C4B16BFA1FB94314F24C6AAD9490A256C336D85ACBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Function 00C3E3E8 Relevance: 12.2, Strings: 9, Instructions: 908COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4094496693.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_c30000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (okq$(okq$(okq$(okq$(okq$(okq$(okq$,oq$,oq
                                                        • API String ID: 0-2115511855
                                                        • Opcode ID: 4cba3c9fd74206dc335f4b291c7e5625331c48502e2116666f5ebff41e8aaf93
                                                        • Instruction ID: bd1b07fe59d9b497acfe90e8d8a5c00fbd34d3147b5df61230f2dc2a3c5ab5aa
                                                        • Opcode Fuzzy Hash: 4cba3c9fd74206dc335f4b291c7e5625331c48502e2116666f5ebff41e8aaf93
                                                        • Instruction Fuzzy Hash: 2D823930A10209DFCB14CFA9D584AAEBBF2FF88314F158569E416AB3A5D734ED81CB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04B5AC50 Relevance: .5, Instructions: 528COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4099917956.0000000004B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4b50000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 68a935dbdfe43193af5d244cc3ab73e7c3f8ff356480ddba55b9f189036aaf17
                                                        • Instruction ID: 659dfd07319674a59c5f216c6e147f12430e3f593ae61fea08b0790108e5eff3
                                                        • Opcode Fuzzy Hash: 68a935dbdfe43193af5d244cc3ab73e7c3f8ff356480ddba55b9f189036aaf17
                                                        • Instruction Fuzzy Hash: 45523CB8580746CFE720CF14E5882997BF1FB88324F54461AD5616B2E4E3BC698BCF64
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04B59340 Relevance: .3, Instructions: 264COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4099917956.0000000004B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4b50000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 940d7507f0e8c9688b81557b2a2384dbe158926c31045272e259e95bceb3120a
                                                        • Instruction ID: d5861b255c08c00f2dc1aa1c7dad173ba3b1bfe20f9979289f2d97705dc51b71
                                                        • Opcode Fuzzy Hash: 940d7507f0e8c9688b81557b2a2384dbe158926c31045272e259e95bceb3120a
                                                        • Instruction Fuzzy Hash: 14A17E72A00219CFCF05DFB5C88469EF7B2FF89304B1545AAE805AB275EB75E946CB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00C35A63 Relevance: .1, Instructions: 113COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.4094496693.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_c30000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 124989efd99f9448302aa5c2eb759d87f451297bebd22af200ad3540332caf26
                                                        • Instruction ID: 90ef62ba34a8d37521adf7343fddd3c57fc1f789273603fceae36642d437d545
                                                        • Opcode Fuzzy Hash: 124989efd99f9448302aa5c2eb759d87f451297bebd22af200ad3540332caf26
                                                        • Instruction Fuzzy Hash: B921D1069A8DE7D7FB0431AB88D13D74391877B1D8BC96B01C33C807EA6D4D408B8217
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Executed Functions

                                                        Function 007148D1 Relevance: 1.7, Strings: 1, Instructions: 476COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: doq
                                                        • API String ID: 0-3318987180
                                                        • Opcode ID: 289a7e81c0c4fc8876a71433a3cf074547580f7118f2830057d303d19254d7ab
                                                        • Instruction ID: 1dae76fd753129bca795261725ae80b2ef0fba61bb1cf0d2fd30d2c3740a1766
                                                        • Opcode Fuzzy Hash: 289a7e81c0c4fc8876a71433a3cf074547580f7118f2830057d303d19254d7ab
                                                        • Instruction Fuzzy Hash: 02224B74A00619DFDB24EF24DD84BA97BB6FB48310F1085AAE509A73A4DB369DC1CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 007140F0 Relevance: 1.4, Strings: 1, Instructions: 125COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Tekq
                                                        • API String ID: 0-2319236580
                                                        • Opcode ID: f48b6a4a6bc123407a2f0f59dace6f32cb4f0f0c66cdf1de70deaab845b8c191
                                                        • Instruction ID: 6770d9dbd69a6da556ef6a013fe9f0dfd43621e1f6f89bcf7f4120b7c02b7e4d
                                                        • Opcode Fuzzy Hash: f48b6a4a6bc123407a2f0f59dace6f32cb4f0f0c66cdf1de70deaab845b8c191
                                                        • Instruction Fuzzy Hash: EF51DF7464154AEFCB05FF68E9C494ABBBAFB48304F005666D404C732DDB72AD49CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00714100 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Tekq
                                                        • API String ID: 0-2319236580
                                                        • Opcode ID: 45697b901bb91e70dda8ad4aa07a66145436a42010a2214590e62b6dbe51eb89
                                                        • Instruction ID: f118c882e738326296243bda04ba9a9b31bcae11bd2b502564b48218ac9a7ea4
                                                        • Opcode Fuzzy Hash: 45697b901bb91e70dda8ad4aa07a66145436a42010a2214590e62b6dbe51eb89
                                                        • Instruction Fuzzy Hash: 6851BD7464154AEFCB05FF68E9C095ABBBAFB48314F009A66D4048732DDB72AD49CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 007196D8 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: eb
                                                        • API String ID: 0-2084175972
                                                        • Opcode ID: 82159b46a53a99a8a34279fff670c78c99004a5d123140e83c289819a38be6ed
                                                        • Instruction ID: 0c83b0d34f03c0f57e061f7856381bec74bd0c910ba40f854643c25c7078e691
                                                        • Opcode Fuzzy Hash: 82159b46a53a99a8a34279fff670c78c99004a5d123140e83c289819a38be6ed
                                                        • Instruction Fuzzy Hash: 3DF02E313052410FE754ABBCA5240AD3BD2DFC432070148B8E906CB39CEE28EE8283A6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00719265 Relevance: .5, Instructions: 527COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6d4963381e759d782a4dfd592883c9005e810c7dced437f04941eb276e086b0f
                                                        • Instruction ID: 44cf01d6f658a7b8227aafa4c6c467002106beadd7a0f2fe8ce82ed368cd1ec6
                                                        • Opcode Fuzzy Hash: 6d4963381e759d782a4dfd592883c9005e810c7dced437f04941eb276e086b0f
                                                        • Instruction Fuzzy Hash: 67F0273164E3881FD717A7F448340ED7F60DA022147010CEBC481DB1D7E9289E4A8392
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00719299 Relevance: .5, Instructions: 507COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 548c30190f336d35fe902e117f2be1037a8095b2f3264d02d0fdc247ed62eca7
                                                        • Instruction ID: 080cda8cd6b323b506d92a6589ba558645a0d594ccb808138e8d6ba3f53a7bf1
                                                        • Opcode Fuzzy Hash: 548c30190f336d35fe902e117f2be1037a8095b2f3264d02d0fdc247ed62eca7
                                                        • Instruction Fuzzy Hash: 9CE09B715493885FD7169BB488650EE7FA0DF062103050CEBD485DB2E6D9289A464392
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00718778 Relevance: .5, Instructions: 505COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3c6251b3349df5de225b07cf20218903ca1ac4bf2ebbe09c36f70452e7bcfc77
                                                        • Instruction ID: cbd4c69a413ab6a105296c9dd259642040b9e35559a21700ce8f939175de21a2
                                                        • Opcode Fuzzy Hash: 3c6251b3349df5de225b07cf20218903ca1ac4bf2ebbe09c36f70452e7bcfc77
                                                        • Instruction Fuzzy Hash: 02025C7AA50100DFC7B1F715EED3BAA772AE764710F504A12E0005B3EDDB7AAC848E95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 007197C8 Relevance: .1, Instructions: 131COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a87cad8ddc203d2aa63d00efa5ffc7c3e550ab7247e407cbb94bd8ce84fc2604
                                                        • Instruction ID: 489780d17f62fa67806e98ba032a5e8dd8888960e704004a4b6cecd72d3ab3df
                                                        • Opcode Fuzzy Hash: a87cad8ddc203d2aa63d00efa5ffc7c3e550ab7247e407cbb94bd8ce84fc2604
                                                        • Instruction Fuzzy Hash: A04102717082508FD7059B7CA8A44AA7BF5EF8736071504EAD605CB3E6CA39EC46CB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00713E00 Relevance: .1, Instructions: 108COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f7b93e1900b51dac6df6b08e133c4f33c6c7104a26f4e443b6a4a60594f299a4
                                                        • Instruction ID: 25a0fcaac4cee7d261b31f5a4515faf7349aa4ed4a5e5ef8b86938486f826d2f
                                                        • Opcode Fuzzy Hash: f7b93e1900b51dac6df6b08e133c4f33c6c7104a26f4e443b6a4a60594f299a4
                                                        • Instruction Fuzzy Hash: CF319330B00215DFDB15BB78D9557BF7BAEAB88700F004469A105E73A8DF399D868BD0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00710890 Relevance: .1, Instructions: 89COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: eeb6afe092db4874bc0b1130297c6045e8e7b4c87f1c49ef6b99a49bb12273e8
                                                        • Instruction ID: 90be51aa3cc73eb0c3c8b3f97fe792783bec00e64e2c69da7138201576e5bc3d
                                                        • Opcode Fuzzy Hash: eeb6afe092db4874bc0b1130297c6045e8e7b4c87f1c49ef6b99a49bb12273e8
                                                        • Instruction Fuzzy Hash: 87317CB1904348DFDB14DFA9D8457DEBFF5EF49320F10846AE114A72A1D779A480CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 007197B9 Relevance: .1, Instructions: 79COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 70ced9a44b90deb98b018f9927e250477efadb0b7c66770ce6bce548fb8cc922
                                                        • Instruction ID: cfd6a1f989d85aa4a058af6c4fd8487fe4fdf585a660b2aafb312a7e2ce77e09
                                                        • Opcode Fuzzy Hash: 70ced9a44b90deb98b018f9927e250477efadb0b7c66770ce6bce548fb8cc922
                                                        • Instruction Fuzzy Hash: C321D7313002104FD714AF69E8A49AABBA6FF853217144579D116CB3E6DF34ED86C7A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00710994 Relevance: .1, Instructions: 78COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0e31ad19793a67bbf7dc8d2305a1ebf4356f57cbafc81d26be1a6dbd8085b488
                                                        • Instruction ID: e51c68153bfca83b7b00328eca364cba547154a8845659db55aa68ce7a3dea08
                                                        • Opcode Fuzzy Hash: 0e31ad19793a67bbf7dc8d2305a1ebf4356f57cbafc81d26be1a6dbd8085b488
                                                        • Instruction Fuzzy Hash: 5A31E4B0D01248DFCB24CFA9D584BDDBFF5AF48310F24806AE405AB2A5C7B56985CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00719729 Relevance: .1, Instructions: 75COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f2a946323cfd4d99d77b1c3b84bf3da563fc205ad2cd7b6a8ff7671b1da2a228
                                                        • Instruction ID: 1010696d263cac41d120d32ecfa3c0567b7027f7b6ac30a77895a0a3ea38143c
                                                        • Opcode Fuzzy Hash: f2a946323cfd4d99d77b1c3b84bf3da563fc205ad2cd7b6a8ff7671b1da2a228
                                                        • Instruction Fuzzy Hash: 9421F3312442441FD715AB7899615EF7BA2EF85310B1449BDD046CB3EAEE28DE8B83D1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 007109A0 Relevance: .1, Instructions: 74COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 34519cec95321221f1c2119ecd875ddd032baf4f56b6de1c0650cc7174df0f6c
                                                        • Instruction ID: ad95f7476bce5def8dc99f13de37e6c4cd661296efb3877e4e55fb01b5bdff92
                                                        • Opcode Fuzzy Hash: 34519cec95321221f1c2119ecd875ddd032baf4f56b6de1c0650cc7174df0f6c
                                                        • Instruction Fuzzy Hash: BE31E2B0D01248DFCB14CF99D584BDDBFF5AF48310F24802AE408AB2A4CBB5A985CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00718F80 Relevance: .1, Instructions: 71COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 86281b27ad29d9f65ba733aa2e703b974ceda565614e7558e41a932ca126b8a4
                                                        • Instruction ID: 787fb58103b640b8b8fd8c976222f33d9c93321faff42b237726e5bc0d58bfb5
                                                        • Opcode Fuzzy Hash: 86281b27ad29d9f65ba733aa2e703b974ceda565614e7558e41a932ca126b8a4
                                                        • Instruction Fuzzy Hash: 90218DB6D00208CFCB60DF99D985BDEBFF9EB48320F10842AD418A7264D775A984CF95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 007196A0 Relevance: .1, Instructions: 58COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 23cb4015a0f738f8ad272f31197e7a655307ae4188f049e9fa15dd3a6cdce8fe
                                                        • Instruction ID: c4b8d206af5fd8be5cb724be4ce994a2771f11657a878a8c96f16532d4ca95e7
                                                        • Opcode Fuzzy Hash: 23cb4015a0f738f8ad272f31197e7a655307ae4188f049e9fa15dd3a6cdce8fe
                                                        • Instruction Fuzzy Hash: 58018631A4E3845FD7165BB468280EE7FA5DB4612070508FBD485CB2E3D93D9D468791
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00713CF8 Relevance: .1, Instructions: 52COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d1f8629bf8212e789895d1e117aa867fb7f44e6d162fe5a9921ef008f3b82caa
                                                        • Instruction ID: e43d424870d015a209352375ccb915e15d23a6e0f2838f00424e4bdf66f1e694
                                                        • Opcode Fuzzy Hash: d1f8629bf8212e789895d1e117aa867fb7f44e6d162fe5a9921ef008f3b82caa
                                                        • Instruction Fuzzy Hash: 4011007490010ADFCB01FFA8EC555ADBBB6EF88311F004569D106A73A5DF31AE898FA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0071473C Relevance: .0, Instructions: 49COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9cf73829395d97d313a6ec64963a27e891f94f200d3ab057d84a6f3c85edcce7
                                                        • Instruction ID: 55c8c037dbd82b98a87fbe62d15a2a6c4f4f95750ecdf117a92a4010b1fe954f
                                                        • Opcode Fuzzy Hash: 9cf73829395d97d313a6ec64963a27e891f94f200d3ab057d84a6f3c85edcce7
                                                        • Instruction Fuzzy Hash: 7C1113B5900248CFCB60DF99D444BDEBFF5FB48320F20842AE559A7250C779A984CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00710DE0 Relevance: .0, Instructions: 49COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2945ffd866e8a5751b6147688a6108bc6990747e0ca5210c610c82e2ad2b28db
                                                        • Instruction ID: e39c686553ae25af753a02e0536589f0df049b79a45131b710bb6b223552bbb7
                                                        • Opcode Fuzzy Hash: 2945ffd866e8a5751b6147688a6108bc6990747e0ca5210c610c82e2ad2b28db
                                                        • Instruction Fuzzy Hash: 05115EB12006408BC321EB79D54569A7BEBEB81320B14497DC0164B7A8DF76ED898FD5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00719021 Relevance: .0, Instructions: 46COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 267e401ed8fb9980f31ef00a765ca79d495bab903f7ed40ee63251ddd43e8696
                                                        • Instruction ID: 41948459331e49caa0528ea617e5b383a29bcb9beabfbf3916d5c2913be97e3d
                                                        • Opcode Fuzzy Hash: 267e401ed8fb9980f31ef00a765ca79d495bab903f7ed40ee63251ddd43e8696
                                                        • Instruction Fuzzy Hash: 5F01B130B082558FCB05EB3CD55465DBBE0AF8A310F01456DD5C5CB3A1DB34DD428782
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 007108F8 Relevance: .0, Instructions: 46COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f7c116f493e7f35f002e28d39dfa296c1625b486f6ae5175f1a14505a1ee492d
                                                        • Instruction ID: d0292e9b5ece1afe5be8f4d3e5c5b7d863c79885d898e15b266eafe3bebd6230
                                                        • Opcode Fuzzy Hash: f7c116f493e7f35f002e28d39dfa296c1625b486f6ae5175f1a14505a1ee492d
                                                        • Instruction Fuzzy Hash: F71125B59003498FDB20DFA9C484BDEBFF0EB48320F20845AD459A7351C375A984CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00710900 Relevance: .0, Instructions: 44COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 545e14590ff557ae462bad4570d63481d33b6ce84d2799f4bd506a4dc9178e18
                                                        • Instruction ID: bbb6668509466016224a2cc1d5a639d68473f3a79d032995d9721aa9f9e2f857
                                                        • Opcode Fuzzy Hash: 545e14590ff557ae462bad4570d63481d33b6ce84d2799f4bd506a4dc9178e18
                                                        • Instruction Fuzzy Hash: A31103B59002498FDB20DF9AC484BDEBBF4EB48324F20845AD459A7251C379A984CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00710EA0 Relevance: .0, Instructions: 29COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f091457f9677dfc3e97ff2f7d0f3f44da1ff446eb0e463c1c5af96a23b0ab79f
                                                        • Instruction ID: 5c0818ea9ec5d3eac71577a8e7b1d41ed26925a9b122813462c1db01d4c58939
                                                        • Opcode Fuzzy Hash: f091457f9677dfc3e97ff2f7d0f3f44da1ff446eb0e463c1c5af96a23b0ab79f
                                                        • Instruction Fuzzy Hash: 18F02775204210CFC3115B7DA8510953BB6E98175131445BAC005CA2A8DB69D8C7C7C0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00719670 Relevance: .0, Instructions: 16COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9e53e1be466a20dd65f3d096d15dd15f2e8d2cc622e94a763d3389966edc4d4c
                                                        • Instruction ID: ef740e637c105ff43784fda40416ac128fb78a736f3b907265e4618e45058958
                                                        • Opcode Fuzzy Hash: 9e53e1be466a20dd65f3d096d15dd15f2e8d2cc622e94a763d3389966edc4d4c
                                                        • Instruction Fuzzy Hash: B5D0A73160130C5FCB14EFF4451806E7AD9DB441107004DA9D406C7244ED31EF8046A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 007196B0 Relevance: .0, Instructions: 14COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a9ae2884e4a491d428f26820e409fef029cfda09d38a7f6affb80b55c8c2f3b0
                                                        • Instruction ID: 5781ba907f20bfa70e286e0c410da8627803c9055dd68d15ca94a5ab0fc211f0
                                                        • Opcode Fuzzy Hash: a9ae2884e4a491d428f26820e409fef029cfda09d38a7f6affb80b55c8c2f3b0
                                                        • Instruction Fuzzy Hash: 73D0C9316053148F8B152AB4A41C059BAA9DB8957230044BAE80AC2340DEBAEC818790
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00710848 Relevance: .0, Instructions: 12COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.1855018762.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Offset: 00710000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_710000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1757140c798f732eb2a61612aa175be8e7545d3734e627b0f197c6b278274a10
                                                        • Instruction ID: 8d8c38b56fc731786eead25b44945bd69100311a796a8e759b2b5ef7ae3be0e2
                                                        • Opcode Fuzzy Hash: 1757140c798f732eb2a61612aa175be8e7545d3734e627b0f197c6b278274a10
                                                        • Instruction Fuzzy Hash: 61D0A970000A89CECB22FB28FCC57427F9EF300308F002262D0080B33ACBB2A40A8BC0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Executed Functions

                                                        Function 013381A1 Relevance: 1.7, Strings: 1, Instructions: 458COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: doq
                                                        • API String ID: 0-3318987180
                                                        • Opcode ID: dc02c00ed963e578517e023314448957976b54603fcbd73da56a5a0b5adb120b
                                                        • Instruction ID: ee7dcfb4e646cfff12dddcd11afc5d97d43c6e5e9410f456de5cba70034d6343
                                                        • Opcode Fuzzy Hash: dc02c00ed963e578517e023314448957976b54603fcbd73da56a5a0b5adb120b
                                                        • Instruction Fuzzy Hash: FF225F74A00219CFDB29EF78D954BAD77B2FB88308F1045A9E519A73A9DB319D81CF40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 013376A8 Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Tekq
                                                        • API String ID: 0-2319236580
                                                        • Opcode ID: 508650cedaac2c04fdfb642fb986db2c82484182a4fa37629520c2f8320351c7
                                                        • Instruction ID: fef1261ea6ea5dd53c816db70a62399e23e3b0d92af29bd25112de46e03637fb
                                                        • Opcode Fuzzy Hash: 508650cedaac2c04fdfb642fb986db2c82484182a4fa37629520c2f8320351c7
                                                        • Instruction Fuzzy Hash: 2C51E17464124ACFCB05FFADEAA496ABBB2FB443087009565D0058737EEB71A949CF80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 013376B8 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Tekq
                                                        • API String ID: 0-2319236580
                                                        • Opcode ID: 259438e48f9e1a315d0e60130a4d117df7094ac58f2942240518d7c819736ff7
                                                        • Instruction ID: 5b61866c6bef7fd37ab43d4997e370e99d628e7fed271a1fb8e03be3b3ca46cc
                                                        • Opcode Fuzzy Hash: 259438e48f9e1a315d0e60130a4d117df7094ac58f2942240518d7c819736ff7
                                                        • Instruction Fuzzy Hash: 7D51CD7564024ACFCB05FFADEAA496ABBB2FB443087009565D0058737EEB71A949CF80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01330DCF Relevance: 1.3, Strings: 1, Instructions: 81COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 4'kq
                                                        • API String ID: 0-3255046985
                                                        • Opcode ID: 65e3425e75b5fcc7a40c181df45a11ebb21521269a4f2aea0bee60388dcf514f
                                                        • Instruction ID: 2c9e7955dcfcf869be331d3b95e2bff69aac6dde71509bb584cf40d639ec82c3
                                                        • Opcode Fuzzy Hash: 65e3425e75b5fcc7a40c181df45a11ebb21521269a4f2aea0bee60388dcf514f
                                                        • Instruction Fuzzy Hash: 953150706003498FC756EF78E91099EBBA2BF81308B104A7AC0559B768DB75ED89CB85
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 013392B9 Relevance: .5, Instructions: 507COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c86d332493e1a1d4761792cdade39dcc52c90012387a38d84da3f4daf204401d
                                                        • Instruction ID: fd4e952a05ea2ac32d8aa3c52d1ff492f176ad0707e0190c437e635e9ae967bd
                                                        • Opcode Fuzzy Hash: c86d332493e1a1d4761792cdade39dcc52c90012387a38d84da3f4daf204401d
                                                        • Instruction Fuzzy Hash: E8E092316093899FC7129FB8C82056DBFB4EF0B2047054DD6D081CB2A2DE349E508762
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01339285 Relevance: .5, Instructions: 497COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 83224563113061a3d2747485926ee7a4c998c3f87f478a8b8521cd3fdefa65e0
                                                        • Instruction ID: e898a71759479532d0fb1b89b0433d60fcb1d5888231ec9fc0480564cbb6bb46
                                                        • Opcode Fuzzy Hash: 83224563113061a3d2747485926ee7a4c998c3f87f478a8b8521cd3fdefa65e0
                                                        • Instruction Fuzzy Hash: 8C014731B093458FD746ABFC952029DBB65EF8A308B0189E6C841CF34ADF30CD458396
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01333DF0 Relevance: .1, Instructions: 115COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cd97b643801a706fdd17137360aad2394c5fe2e9b9ca24872e794aa8d7e34a3e
                                                        • Instruction ID: dadad0386ea07e2b007085f6b13439d4649f2c9c179463770bbfda3069cfb93d
                                                        • Opcode Fuzzy Hash: cd97b643801a706fdd17137360aad2394c5fe2e9b9ca24872e794aa8d7e34a3e
                                                        • Instruction Fuzzy Hash: D041B130B002099FDB1AAB78D92476E7BBABB84304F004479E545D73A9DB358C85CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01333E00 Relevance: .1, Instructions: 108COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 68b5f996e7415e64c07de95f5d210b8190a79c974b574ae49e08161f4b17eca9
                                                        • Instruction ID: c476f73c046f0a4a11414c9c7fe4b459c9602c298dd23d055c81099eefe69344
                                                        • Opcode Fuzzy Hash: 68b5f996e7415e64c07de95f5d210b8190a79c974b574ae49e08161f4b17eca9
                                                        • Instruction Fuzzy Hash: BA318C30B00219DFDB19BB78D92476F7BAABB84704F108479E545D73A8DF359C858BA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01330890 Relevance: .1, Instructions: 90COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 77681a0159dd0d43fa5fa71d39ffa35e721cd50fd09836a5dd232cb01daf9ea0
                                                        • Instruction ID: e4d406fcd6a1a3cfaac9ab2f27bb87208fb15f2f9e9676d32ca538139ec805ac
                                                        • Opcode Fuzzy Hash: 77681a0159dd0d43fa5fa71d39ffa35e721cd50fd09836a5dd232cb01daf9ea0
                                                        • Instruction Fuzzy Hash: E4319AB19003089FDB18DFB9C8457AEBFF5EF88324F208869E515E7260D735A940CB94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 013397E8 Relevance: .1, Instructions: 85COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dc3926b6ae0c16a35f853280b58c1ecc9f84f3e4073a02cf0b47006b865f0a35
                                                        • Instruction ID: 5ca81d09894dc45d902f0d25a538a5166b428865b25e6bee972ca9805142fd02
                                                        • Opcode Fuzzy Hash: dc3926b6ae0c16a35f853280b58c1ecc9f84f3e4073a02cf0b47006b865f0a35
                                                        • Instruction Fuzzy Hash: B721EC31708344CFD7199B7CE9A4A2ABFB9FBC630871104AAD515CB395CB21DC04CBA6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01330994 Relevance: .1, Instructions: 78COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: baa65ca83902387b21383ddad2effc3a4f9da8167ceaef1c84d5fe7ac82f7913
                                                        • Instruction ID: 2739f4950a3fbdfbe57c0e1907f9f26362f3538f7825f7601fedecccf8768388
                                                        • Opcode Fuzzy Hash: baa65ca83902387b21383ddad2effc3a4f9da8167ceaef1c84d5fe7ac82f7913
                                                        • Instruction Fuzzy Hash: E431F1B0D01248DFDB14CFA9D584BDDBFF5AF88314F20816AE408AB264C7759946CB95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 013309A0 Relevance: .1, Instructions: 74COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 85d4284d1c0716fa98d1a058860c4387739fda369d944f4425b709d92b970c8c
                                                        • Instruction ID: a16e2b6bd34d6cd9d09a1765fe668754ecc1249edc34a1fe3500f954f75513a7
                                                        • Opcode Fuzzy Hash: 85d4284d1c0716fa98d1a058860c4387739fda369d944f4425b709d92b970c8c
                                                        • Instruction Fuzzy Hash: E831F0B0D01248DFDB14CFA9D584BDDBFF5AF88314F20802AE408AB264CB74A946CB95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01333CE9 Relevance: .1, Instructions: 61COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 91fc8ef9fc71dd400a8e4960c40dfd6cecaa6d4f4819d989247a14d85ac51f4d
                                                        • Instruction ID: df5473cd406c733f6cefc076113f014df0f83878a91f76d694161f46fe56d144
                                                        • Opcode Fuzzy Hash: 91fc8ef9fc71dd400a8e4960c40dfd6cecaa6d4f4819d989247a14d85ac51f4d
                                                        • Instruction Fuzzy Hash: C5215B3494030EDFCB09EFA8E9545ADBBB5FF85304B004569D525A73A4DB31AA88CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 013397D9 Relevance: .1, Instructions: 54COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c5fa7fa3e8cf979531330f1cabb026d355cf481887aef44ce4aff0f31e21d2be
                                                        • Instruction ID: 16890287ee12d3f5c461f94315428c71e9bc6dfcab9ed8ba5ac863c29a8ff68f
                                                        • Opcode Fuzzy Hash: c5fa7fa3e8cf979531330f1cabb026d355cf481887aef44ce4aff0f31e21d2be
                                                        • Instruction Fuzzy Hash: 7901A972700311DFD7148F68E99492ABFB8FFCA32C31105AAE614CB391CA71EC048BA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01333CF8 Relevance: .1, Instructions: 52COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3da6513bd87fcbd3be31e9959402ef1490bdceaf67c30364f4b7e16d6721ab46
                                                        • Instruction ID: e040d256ba53fd463fe5cb235eb90d393726304ef3aaa30af2741db5422e1bcc
                                                        • Opcode Fuzzy Hash: 3da6513bd87fcbd3be31e9959402ef1490bdceaf67c30364f4b7e16d6721ab46
                                                        • Instruction Fuzzy Hash: B3111F3494030EDFCB09EBA8E9555AEBBB5FF84304F004529D525B73A8DB31A988CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01330DE0 Relevance: .0, Instructions: 49COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e4d8e8ae18bee4016fbfe06aa38c518cc997e6716eb461834201341e6c13422c
                                                        • Instruction ID: 17fc96054a9931d99ad0f9d106401100ca2f06d551d879c81ace72cb27a4b9bb
                                                        • Opcode Fuzzy Hash: e4d8e8ae18bee4016fbfe06aa38c518cc997e6716eb461834201341e6c13422c
                                                        • Instruction Fuzzy Hash: 38115E712007448BC326EB69D51069F7BD6BB803187104929C0668B768DF76EC898FC4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 013308F8 Relevance: .0, Instructions: 48COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 48f4de71e3ed3a3c705f21a687fbe543710788c7d677285891328c679054be1e
                                                        • Instruction ID: 97e5a8f51bf5d925a2bf29ef46e47e4fd821cd1fc1ef32e4ea1e3db554f6684c
                                                        • Opcode Fuzzy Hash: 48f4de71e3ed3a3c705f21a687fbe543710788c7d677285891328c679054be1e
                                                        • Instruction Fuzzy Hash: 291110B59007088FDB20DFAAC444BDEBFF4EB88324F20845AE459A7220C375A944CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01337901 Relevance: .0, Instructions: 46COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4e1bb65f830136070e6a6ed65ee21c516bcb856ff25245f66584abaf7587385c
                                                        • Instruction ID: 3d9fded326359619a78d469ca1358794cfb78f773bf2ce38cc7096982810ce19
                                                        • Opcode Fuzzy Hash: 4e1bb65f830136070e6a6ed65ee21c516bcb856ff25245f66584abaf7587385c
                                                        • Instruction Fuzzy Hash: 29015A706086568FCB05AF7CD654219BBE1AF8A320F4149AED4C5CB360DB34AC409B96
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01330900 Relevance: .0, Instructions: 44COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ab992b141748f17ed02c615576653e2d40f0ded04e37af5e441955519999e52b
                                                        • Instruction ID: 5ce7748df7ee86e2fc347391ab3c1804e77512ffabdded72214c480471bf230d
                                                        • Opcode Fuzzy Hash: ab992b141748f17ed02c615576653e2d40f0ded04e37af5e441955519999e52b
                                                        • Instruction Fuzzy Hash: 661100B59007498FDB20DFAAC448BDEBBF4EB48324F208419D559A7260C375A944CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01330880 Relevance: .0, Instructions: 42COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 79122e7d4a4fbe92480a19daf3be8e1ffddc7babbbc929c6876835c4d3c5ef2b
                                                        • Instruction ID: e6b606750f8c0900199f6b9b332763f95981df765cf8c1de95c1ce8464999e03
                                                        • Opcode Fuzzy Hash: 79122e7d4a4fbe92480a19daf3be8e1ffddc7babbbc929c6876835c4d3c5ef2b
                                                        • Instruction Fuzzy Hash: EC01C272A40305AFCF0D9BB4C8115AE3FB6EFD6268F1049BEE114DB1B4DA368441D744
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 013396C0 Relevance: .0, Instructions: 40COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3340f9f00c6ffb7e297b6201e42b6e28810b69238b0457973abdab255029b841
                                                        • Instruction ID: e93050388bc84a70a57b4cc20eb574a1a7bbcf6ae5aa9560ccc754474f11aa6d
                                                        • Opcode Fuzzy Hash: 3340f9f00c6ffb7e297b6201e42b6e28810b69238b0457973abdab255029b841
                                                        • Instruction Fuzzy Hash: 68F0C832B462418FDB155B7CB4185ACBB94EFC922531408FBE806CB345DE65CC11C784
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01330EA0 Relevance: .0, Instructions: 29COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1aa5fe6e163b0726a671bee3d83eeb72ccc308c260e2dd31d2a8b758e76fdaaf
                                                        • Instruction ID: 4595241edd5b9eafaf4d1f5b57fab4afb9db1836ad1e8c687729dc9d898132bf
                                                        • Opcode Fuzzy Hash: 1aa5fe6e163b0726a671bee3d83eeb72ccc308c260e2dd31d2a8b758e76fdaaf
                                                        • Instruction Fuzzy Hash: 7FF055723042048FC31A5BBCA82016A3FA6FAC124930046BAD005CF3B8DB2AC88AC780
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01330839 Relevance: .0, Instructions: 18COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 68f3b48282966b66a6a7569ca5a032266fb1a106b5da2062bb2af7f0c8bc7486
                                                        • Instruction ID: 50aa9aca9d2ae2d8be68fab218658a6fbadaf74cec3fc4c541bcef23c128d73f
                                                        • Opcode Fuzzy Hash: 68f3b48282966b66a6a7569ca5a032266fb1a106b5da2062bb2af7f0c8bc7486
                                                        • Instruction Fuzzy Hash: 32E04F300443899FCB6ADB68E955B457FB0FB52358F0506B6D0845B23AC7765698CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01339690 Relevance: .0, Instructions: 16COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6ff8e4d4666427aaf91f2bc0926d95dacb0e7d43cae252beb91e712568bdea3f
                                                        • Instruction ID: 84345ac91f13cbbde537c95d9f304e90ac70c8a3a4409f129d2a90629fa82e86
                                                        • Opcode Fuzzy Hash: 6ff8e4d4666427aaf91f2bc0926d95dacb0e7d43cae252beb91e712568bdea3f
                                                        • Instruction Fuzzy Hash: 22D0A931A802099BCB14EFB4852096EBBA9AB48200B004EAA980ACB304EE318F000692
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 013396D0 Relevance: .0, Instructions: 14COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1d76c61774dbebdc3d183dfeb14a21c6c5993f14bd0747a3df4c64d3f3e02c40
                                                        • Instruction ID: d8cf9f7f071ce8549705f47b9f0e00dbf7633bc87bd8f06d3b334372adb2db70
                                                        • Opcode Fuzzy Hash: 1d76c61774dbebdc3d183dfeb14a21c6c5993f14bd0747a3df4c64d3f3e02c40
                                                        • Instruction Fuzzy Hash: 95D01231B423148BDB142B78A00C8ADB7D9FB8D12230008BAE406C3300DE76CC1187C0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01330848 Relevance: .0, Instructions: 12COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1943645778.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_1330000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bb79a5a1d9514f2eb90d7d3d9006f18e61f46554766e417539fa3f3295c6986c
                                                        • Instruction ID: da1d166a50c4682acb14a63e1729c246f25221fc479227d1896f1f3ab70384f8
                                                        • Opcode Fuzzy Hash: bb79a5a1d9514f2eb90d7d3d9006f18e61f46554766e417539fa3f3295c6986c
                                                        • Instruction Fuzzy Hash: 04D052310042898ECA2AEB2CF81AB0A7F58B700208F000171D0480B63ECBA6A4888BD0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Executed Functions

                                                        Function 01548E98 Relevance: 2.6, Strings: 2, Instructions: 105COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Hoq$Hoq
                                                        • API String ID: 0-3106737575
                                                        • Opcode ID: 78a35925b475bdf34da195bead05116d57f9f9d69b025c2f42d2aef4c13b5be6
                                                        • Instruction ID: a9ca6406231b1be2790c554e0ebbddb0c1f69bcf02f523b124decfd6a50f87f3
                                                        • Opcode Fuzzy Hash: 78a35925b475bdf34da195bead05116d57f9f9d69b025c2f42d2aef4c13b5be6
                                                        • Instruction Fuzzy Hash: 5B31AF34B002169FDB69AABC851467F39E7BBD4768B248528A625DF3C4DF34CD0683D1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 015480C0 Relevance: 1.8, Strings: 1, Instructions: 562COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: doq
                                                        • API String ID: 0-3318987180
                                                        • Opcode ID: a4077cfbcaf2483ece7c52327e465083b18990ff1f9ee687d35a7c53799554b0
                                                        • Instruction ID: ed153e81002583d4a3195c61f52986cb7b804d35cfddf52d91c1d5b6c1424875
                                                        • Opcode Fuzzy Hash: a4077cfbcaf2483ece7c52327e465083b18990ff1f9ee687d35a7c53799554b0
                                                        • Instruction Fuzzy Hash: 13221874A00315CFDB24EF74D994BAA7BB6FB48304F1045A9E909AB3A4DB399D85CF40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 015476A9 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Tekq
                                                        • API String ID: 0-2319236580
                                                        • Opcode ID: 73af4932b6d7fdcb97a1507bcbb16dc2251f30cbd6e855175a8cb43fc421018b
                                                        • Instruction ID: 61d625e076ec94daf922d18cb6e77822dc3cc1421a1ebf781a3d6774433c338f
                                                        • Opcode Fuzzy Hash: 73af4932b6d7fdcb97a1507bcbb16dc2251f30cbd6e855175a8cb43fc421018b
                                                        • Instruction Fuzzy Hash: 4451CF70640346CFCB05FF68E98098A7BB9FB44344B10A675D405AB369DB7CAE59CF80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 015476B8 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Tekq
                                                        • API String ID: 0-2319236580
                                                        • Opcode ID: 55a0bea6ad6ec6aa7256e7d724927d49d7fbf0ac9d622d30b263c4fa2c34a312
                                                        • Instruction ID: 3661c0f26cba592a28d04723699baa9fd1e9dd200350da399259c8e953a4b343
                                                        • Opcode Fuzzy Hash: 55a0bea6ad6ec6aa7256e7d724927d49d7fbf0ac9d622d30b263c4fa2c34a312
                                                        • Instruction Fuzzy Hash: 5F51CE70600346CFCB05FF68EA8494ABBB9FB44344B10A674D405AB369DB7CAE59CF80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01540DCF Relevance: 1.3, Strings: 1, Instructions: 81COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 4'kq
                                                        • API String ID: 0-3255046985
                                                        • Opcode ID: 79f03ccdd24d69eea7496e62b137c71887e7ad8817f9c427ae79375ca0c29ef4
                                                        • Instruction ID: 3f71944f9fc8bfb584fbbfb0b6b87835d38656c4bfae2c0dcdb32580ab1131fb
                                                        • Opcode Fuzzy Hash: 79f03ccdd24d69eea7496e62b137c71887e7ad8817f9c427ae79375ca0c29ef4
                                                        • Instruction Fuzzy Hash: 613158706003458FC716EF78E9146AE7BE6FB81314B10897DC455AB3A8DB79EC4A8B81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 015492A9 Relevance: .5, Instructions: 503COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0fed195cdad469ecbf728d28339553e11c33af89a5bd5fdc59662ad827f18414
                                                        • Instruction ID: 83f8a211e5b6f17a8f3012af0d80cbbfea79023374e9770a559b810caf836a3d
                                                        • Opcode Fuzzy Hash: 0fed195cdad469ecbf728d28339553e11c33af89a5bd5fdc59662ad827f18414
                                                        • Instruction Fuzzy Hash: 9FE0DF30945348AFC720EFB4D8126797FB4EB42200F400A9AE482CB222EE349A008752
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01549275 Relevance: .5, Instructions: 474COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: efab01ca8d0b258d050944e3b2356adfd0dea2c9eb163f39bb1e7e258e666840
                                                        • Instruction ID: 62f657fde528ed2f069630bc1197d383fdf1eea3b0a3611ca230cf3824083771
                                                        • Opcode Fuzzy Hash: efab01ca8d0b258d050944e3b2356adfd0dea2c9eb163f39bb1e7e258e666840
                                                        • Instruction Fuzzy Hash: 39E09B71D057485BD715EFF8952267D3B65EB52204F414A9BD445CB117EE348A008391
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01549707 Relevance: .1, Instructions: 116COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4b81ed12338de727ee08e6063d618559e8e431b3449ce816fe4516430e514dde
                                                        • Instruction ID: 3cd13c0dd339cf1b155f4572695504fd6b30c2ab8dbd12d5c6982969982d7d2b
                                                        • Opcode Fuzzy Hash: 4b81ed12338de727ee08e6063d618559e8e431b3449ce816fe4516430e514dde
                                                        • Instruction Fuzzy Hash: 9D014C719423415BC711EBF8A503B6E7B69FF46218F400569D481CF325EF348A01C351
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01543DF0 Relevance: .1, Instructions: 112COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 906a3c55f9947c34c66b27cbd58d0a3e0d3de0637f6a94851f0132e8e5ab8299
                                                        • Instruction ID: 308a8a067bc48a0ed81e9e9603d14900905d050e1b7fb2060c1ea8163f220901
                                                        • Opcode Fuzzy Hash: 906a3c55f9947c34c66b27cbd58d0a3e0d3de0637f6a94851f0132e8e5ab8299
                                                        • Instruction Fuzzy Hash: E3416B30B003159FDB15AF78D91476F3BEEEB88740F108469A505EB3E8DB399C498B91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01543E00 Relevance: .1, Instructions: 108COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 38727180564e5722de6808d95ed2ba95f654eeaf0cc19f45b84ba330f0d84f68
                                                        • Instruction ID: 4e6e38c8e9ab12a64d5630c0e3dc70e22b66b640cde4e376725289875a756e26
                                                        • Opcode Fuzzy Hash: 38727180564e5722de6808d95ed2ba95f654eeaf0cc19f45b84ba330f0d84f68
                                                        • Instruction Fuzzy Hash: 93314830B003159FDB19AF78D91476F7BEEEB88700F108469A505AB3A8DA399C458B91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01540890 Relevance: .1, Instructions: 87COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 79204c4277afbd287932e4d08e782bc095c57819ca8a417bd7843a434160c116
                                                        • Instruction ID: 828cc98d36eb4e27ba97ccb3edbc528e16c5f17a7b23623beda27c8e00d18c62
                                                        • Opcode Fuzzy Hash: 79204c4277afbd287932e4d08e782bc095c57819ca8a417bd7843a434160c116
                                                        • Instruction Fuzzy Hash: 43318DB19003099FDB14DFA9C845BDEBFF5FF89324F208869E655AB291D7359840CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 015497D8 Relevance: .1, Instructions: 82COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 900c85d3674d21815eb0e84a12cc40daa2fca6a370396a31127a7ea478786a8a
                                                        • Instruction ID: 4a3396fc3deab9de95e7e308f9191b4ded80ee4c33089ebab638cfc8a9981ae3
                                                        • Opcode Fuzzy Hash: 900c85d3674d21815eb0e84a12cc40daa2fca6a370396a31127a7ea478786a8a
                                                        • Instruction Fuzzy Hash: EE21AB71708314DFE7249F6CE88592A7BB9FB89218B1104A9D505CB391DA38EC05CBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01540994 Relevance: .1, Instructions: 79COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 564c7b8b83b922f7c94423a0f6455085fd29359cc45d38c4d4a149e055e44645
                                                        • Instruction ID: 031e4d93efb09948de564376a9d7785bc42b8a01690f0bd4e98e1175f951bd6c
                                                        • Opcode Fuzzy Hash: 564c7b8b83b922f7c94423a0f6455085fd29359cc45d38c4d4a149e055e44645
                                                        • Instruction Fuzzy Hash: 073101B0D01248DFCB14CFA9D584BDDBFF5AF48314F24806AE408AB264C7B56946CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 015409A0 Relevance: .1, Instructions: 74COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0d8a0ac6171e561816ad86181aa2c92a265bff42b4057a832239bee3c5e718ef
                                                        • Instruction ID: 085492571727b66645c57838274106d7a5111bd2480563d3a3395ec340cfa8e4
                                                        • Opcode Fuzzy Hash: 0d8a0ac6171e561816ad86181aa2c92a265bff42b4057a832239bee3c5e718ef
                                                        • Instruction Fuzzy Hash: F531D0B0D01258DFCB14CF99D584BDDBFF5AF48314F24806AE508AB2A4CBB5A945CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01543CE9 Relevance: .1, Instructions: 56COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2e8d559be983bb33b27b9bd0f9f91e9dd392b73a4826a6dac1ef5ef25aa4a68f
                                                        • Instruction ID: df2ed0a4597fdb1697f1c519d2061fe1836aeca6b55d53d8658f679a102a38d5
                                                        • Opcode Fuzzy Hash: 2e8d559be983bb33b27b9bd0f9f91e9dd392b73a4826a6dac1ef5ef25aa4a68f
                                                        • Instruction Fuzzy Hash: 6E212C34D0020A9FDB10FFA8E8455AEBBB9FB84304F504569D505BB2D4DB35AE4ACF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01543CF8 Relevance: .1, Instructions: 52COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 16a19dc795de150f5d27ca455c97db216dbe41ddf3f64d74af6f3b1ad6c5d0df
                                                        • Instruction ID: 31a21cea2d86f196c153ca34220193ae3f9ec9eb9647278bf90f1659c8097b73
                                                        • Opcode Fuzzy Hash: 16a19dc795de150f5d27ca455c97db216dbe41ddf3f64d74af6f3b1ad6c5d0df
                                                        • Instruction Fuzzy Hash: D611F930D0020A9FDB10EFA8E8555AEBBB9FB84304F104568D505BB294DB35AE49CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 015497C9 Relevance: .0, Instructions: 50COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9f1ec879573ef07bde30cbdad4b57c2adaff74bba7a88f514e63caa82c8243a0
                                                        • Instruction ID: 83bd93c86e63726d17cfa8a077eedeaf6f9137120e0bb981be68f3302bbee34d
                                                        • Opcode Fuzzy Hash: 9f1ec879573ef07bde30cbdad4b57c2adaff74bba7a88f514e63caa82c8243a0
                                                        • Instruction Fuzzy Hash: E901B175704710DFE7149F6DE88682A7BB8FB8D718B11456AE504CB350DB30EC00CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01540DE0 Relevance: .0, Instructions: 49COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a33ebcc0cffedadffadb1c4c6e4cf94f6d94e1441f092e31db98e7a5d42dc09a
                                                        • Instruction ID: 9b7d14c629bc8cc784f86e9b851980d619c0b52db15e0396ab3d2e5c3e2970ae
                                                        • Opcode Fuzzy Hash: a33ebcc0cffedadffadb1c4c6e4cf94f6d94e1441f092e31db98e7a5d42dc09a
                                                        • Instruction Fuzzy Hash: 171148712007408BC325EF79E51469A7BEAFB84754B10892CC0169B7A8DF79EC8A8FC1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01543FF4 Relevance: .0, Instructions: 49COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9fa6a3d89cd4beefbc39cb7f49836ec48bc8b041551c464463311c022d23c92b
                                                        • Instruction ID: ca283027e60a3923f5b1cc3349d9d50705412e6bc132af5774ff388ccb4c98a0
                                                        • Opcode Fuzzy Hash: 9fa6a3d89cd4beefbc39cb7f49836ec48bc8b041551c464463311c022d23c92b
                                                        • Instruction Fuzzy Hash: C81110B59003588FCB20DF99C848BDEBFF5FB58324F208859E959AB250C775A944CFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01547609 Relevance: .0, Instructions: 48COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 773d63004e2cf851245630f517163ef9a58644b1c65fea9e4313c02f9678eeec
                                                        • Instruction ID: 10f86ed39f4006f9939cfcacc03393c66f2a1ae602ade50848a2383411980e01
                                                        • Opcode Fuzzy Hash: 773d63004e2cf851245630f517163ef9a58644b1c65fea9e4313c02f9678eeec
                                                        • Instruction Fuzzy Hash: 471110B59002588FDB20DF99D848BDEBFF4FB59324F20845AE958A7250C735A944CFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 015408F8 Relevance: .0, Instructions: 47COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: db9ebd6b4b2c11fbcc420ba45d57fb6a87760331af8b1914e9ed1c206578aeff
                                                        • Instruction ID: f3f8cf9090cf24856a480aa9e1b803591f2000d157d26b1ea7cc12bf67edac88
                                                        • Opcode Fuzzy Hash: db9ebd6b4b2c11fbcc420ba45d57fb6a87760331af8b1914e9ed1c206578aeff
                                                        • Instruction Fuzzy Hash: A71122B59003598FDB20DFA9C484BDEBFF4AF48324F20845AD559A7251C375A944CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 015478FF Relevance: .0, Instructions: 45COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b063d6c2defd573eac3189d80367af9e17c693615e6f1bdee46efeb963588655
                                                        • Instruction ID: 6042da55d43d6d13a52e0a7ed8f316cfb2b39d8ae0a7d6a4a490773df9355c59
                                                        • Opcode Fuzzy Hash: b063d6c2defd573eac3189d80367af9e17c693615e6f1bdee46efeb963588655
                                                        • Instruction Fuzzy Hash: 36017835604215CFDB04EF3CE64462EB7E1BF8A310F91492EE4899B354EB34AD408B92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01540900 Relevance: .0, Instructions: 44COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a75603d40aaba0e2bdf02f97581c683af8ad663526aa5495a6bcf3081b21d6c8
                                                        • Instruction ID: d53544277df0042e9ced88dd6213c0d406d5e3780534b9f19162a1bfeca34ffc
                                                        • Opcode Fuzzy Hash: a75603d40aaba0e2bdf02f97581c683af8ad663526aa5495a6bcf3081b21d6c8
                                                        • Instruction Fuzzy Hash: 941130B59003198FDB20DFAAC448BDEBFF4EB48324F208459D558A7250C335A980CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01540880 Relevance: .0, Instructions: 39COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 370b864acbbaf233b6c5f47ac05e11b64b6cafbdc27f91a11be18eac58f248af
                                                        • Instruction ID: 52ccd05ba76a45636584ce27079dd2486ab4668c774d1a88220fa80219e30011
                                                        • Opcode Fuzzy Hash: 370b864acbbaf233b6c5f47ac05e11b64b6cafbdc27f91a11be18eac58f248af
                                                        • Instruction Fuzzy Hash: 78F0C871A04345AFDF099B748C115EE3F76FFD2218F2448AAE245DF2E2D93244119740
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01540EA0 Relevance: .0, Instructions: 29COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ec8548a605c6eb2bc9d05828e5172aed29aafa21b5a2beb4b8aef2a95753a4b9
                                                        • Instruction ID: 25111c76c5321e172fddc2f879dc17e8232f3a0798d05b7f56d5d28a9e57165b
                                                        • Opcode Fuzzy Hash: ec8548a605c6eb2bc9d05828e5172aed29aafa21b5a2beb4b8aef2a95753a4b9
                                                        • Instruction Fuzzy Hash: 89F055722043108FC3259FB8A8240AA3FE6FA8128532049BED105CF3A8DB39DC46CBC0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 015496B1 Relevance: .0, Instructions: 19COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 69ca52356a3969e0469a5cc3a80b62efe5428346e51b68d848c134ac3baac03b
                                                        • Instruction ID: 699fd86239b2ba28bc090abb93e3544d548c64cd266dc346b2eb2a182c538495
                                                        • Opcode Fuzzy Hash: 69ca52356a3969e0469a5cc3a80b62efe5428346e51b68d848c134ac3baac03b
                                                        • Instruction Fuzzy Hash: 2DD05E3461271CDBC7286FB4B20AAA43FA9FB89311F1111BAF90582321EF768C01D790
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01540839 Relevance: .0, Instructions: 17COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b05cd827857fa90d971c45e774cda358cc23a52d7aec979d02ba71b47e13e399
                                                        • Instruction ID: 1f4d6d26808816cf0020952de8218d50a977767cd942ce9a6bb5f01f91644e9c
                                                        • Opcode Fuzzy Hash: b05cd827857fa90d971c45e774cda358cc23a52d7aec979d02ba71b47e13e399
                                                        • Instruction Fuzzy Hash: F7E01A301443858FCB26DF68E4447467FE8EB46354F0641AAC484AF2A6D3B859588BD1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01549680 Relevance: .0, Instructions: 16COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7ce8e91239baac27a3a79576d1c5f418ce176c4bee77a026a0131319e45bc8c1
                                                        • Instruction ID: 5eec3ee2412cb94ae398a21d00e58c0b26ff9881adcfb63520c167550c732af1
                                                        • Opcode Fuzzy Hash: 7ce8e91239baac27a3a79576d1c5f418ce176c4bee77a026a0131319e45bc8c1
                                                        • Instruction Fuzzy Hash: 84D0A771A4030C5BCB14EFB4451157E7BA9DB44100B404A999406CB204ED318F004692
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01540848 Relevance: .0, Instructions: 12COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2027336905.0000000001540000.00000040.00000800.00020000.00000000.sdmp, Offset: 01540000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_1540000_M5vARlA2c4.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 53ec78dad282a9b541ae5a0a9790036a8a9170a40f2b8967eb1f72f297172987
                                                        • Instruction ID: 0cdaf598a9734bb83e8cab9d4f4280e0dc687f60af861e6515819660ea9d4b5c
                                                        • Opcode Fuzzy Hash: 53ec78dad282a9b541ae5a0a9790036a8a9170a40f2b8967eb1f72f297172987
                                                        • Instruction Fuzzy Hash: E7D052302043898ECB32EF28F8097027F9CE744308F0041A8D008AF2AAD7BCA8188BC1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Executed Functions

                                                        Function 00E81F00 Relevance: 1.7, Strings: 1, Instructions: 463COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: doq
                                                        • API String ID: 0-3318987180
                                                        • Opcode ID: f151b37d18f60845b3644a42625c98e93b85d1820750e47bb6bd7d6797210a2d
                                                        • Instruction ID: d99a397d2961025ca299985f5c93de98e45a40488a07a8438e8d768386e49019
                                                        • Opcode Fuzzy Hash: f151b37d18f60845b3644a42625c98e93b85d1820750e47bb6bd7d6797210a2d
                                                        • Instruction Fuzzy Hash: D2223B74A10214CFDB15EF34E994BA977B2FB48300F1085ADE909A73AADB399D81CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E81F10 Relevance: 1.7, Strings: 1, Instructions: 451COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: doq
                                                        • API String ID: 0-3318987180
                                                        • Opcode ID: ebab7fa3956a318e17f39ac7cdada0be881f5fd1fdfa4276e3ef54631189bb16
                                                        • Instruction ID: 3045e1cdfc4906805321321144b5efeb08453f924a72e96f6a149b0179af4955
                                                        • Opcode Fuzzy Hash: ebab7fa3956a318e17f39ac7cdada0be881f5fd1fdfa4276e3ef54631189bb16
                                                        • Instruction Fuzzy Hash: F2220774A10214CFDB25EF34ED94BA97BB2FB48300F1085A9E919A73A5DB399D81CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E82184 Relevance: 1.6, Strings: 1, Instructions: 305COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: doq
                                                        • API String ID: 0-3318987180
                                                        • Opcode ID: 66f98a7be03e11e94684fa6c0cd35086296aac43b20746484aa2a2797325fac5
                                                        • Instruction ID: 1d23bbe20ee5a95b84c28ad35f34f88fdb90c95fd10a3be2697ea6fb8dd2da49
                                                        • Opcode Fuzzy Hash: 66f98a7be03e11e94684fa6c0cd35086296aac43b20746484aa2a2797325fac5
                                                        • Instruction Fuzzy Hash: 78E1E374A10214CFDB29EF74D994BADBBB2FB48304F1084A9D909A7366DB399D81CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E81700 Relevance: 1.4, Strings: 1, Instructions: 127COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Tekq
                                                        • API String ID: 0-2319236580
                                                        • Opcode ID: b3a924af17bc79ea37d639748f6847837bee5517087f35f90c1e8b84b8d4b6a5
                                                        • Instruction ID: aa695153a7f1af9023441e037dbf6eead546c3ce8b78bfd7ded16f18eda0c573
                                                        • Opcode Fuzzy Hash: b3a924af17bc79ea37d639748f6847837bee5517087f35f90c1e8b84b8d4b6a5
                                                        • Instruction Fuzzy Hash: E551BF745602458FDB06FF68F990A99BBB1FB88304B10DA6DD4048732FDB78A949CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E81710 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Tekq
                                                        • API String ID: 0-2319236580
                                                        • Opcode ID: cf5fcc940440e6de39df716cab2b7c30ffa39885e4b3270c69e43fd93988f7ee
                                                        • Instruction ID: 15d23e14c73805769654269c09947f90b199e09ef6607c8db236e29726074cd1
                                                        • Opcode Fuzzy Hash: cf5fcc940440e6de39df716cab2b7c30ffa39885e4b3270c69e43fd93988f7ee
                                                        • Instruction Fuzzy Hash: 0551AC745602458FDB05FF68F984A99BBB1FB88304B10DA69D4048B32FDB78A949CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E80DCF Relevance: 1.3, Strings: 1, Instructions: 83COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 4'kq
                                                        • API String ID: 0-3255046985
                                                        • Opcode ID: e637efe9bab4b867fa5f52dcae42238179ef6e3a39b0b6370ff8eba007187dc8
                                                        • Instruction ID: ef9babc02ef739de9939c6eb98b9604808ead55efd6397db7fc2998a9c2868e1
                                                        • Opcode Fuzzy Hash: e637efe9bab4b867fa5f52dcae42238179ef6e3a39b0b6370ff8eba007187dc8
                                                        • Instruction Fuzzy Hash: E8318F706042458FC715FB78E910A9E7BA2EF81304B108A6EC015AF7B9DB79ED49CF94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E89299 Relevance: .5, Instructions: 528COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1743f2f9aff3b8b029c019b00bc628739aa1d81e0ebb8903bde7af6f5fe117a8
                                                        • Instruction ID: d3d0406e4b214c325c0f66d8bfb06548fe7b9b0107260ca328c406bd5159e1c9
                                                        • Opcode Fuzzy Hash: 1743f2f9aff3b8b029c019b00bc628739aa1d81e0ebb8903bde7af6f5fe117a8
                                                        • Instruction Fuzzy Hash: F6F092305493845FCB16BBB488201693FB4DF4321170A09E7D44EDB293EE359E09ABB3
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E89265 Relevance: .5, Instructions: 478COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 91d4541615cec82200b0f3d597bc9eaaad52805c1e4498f987592da33ef46ca4
                                                        • Instruction ID: 9683d0587d41ca8674cbc459932a7e1e3638ab0569898431ab106b26a29a2b1b
                                                        • Opcode Fuzzy Hash: 91d4541615cec82200b0f3d597bc9eaaad52805c1e4498f987592da33ef46ca4
                                                        • Instruction Fuzzy Hash: 29E02B30A093485FCB16BBF419200BD3FA0DF422007410AE7D44AD7257ED30DE0957B6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E85762 Relevance: .1, Instructions: 116COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f3e9fb6024577e26386bbe6fa451c020f2191c0359ea3cd0489f7a608323a4ec
                                                        • Instruction ID: 82ab65f1e8521a444ed87dd6e5bac87e11157b9f4b732a0a4734c22383993231
                                                        • Opcode Fuzzy Hash: f3e9fb6024577e26386bbe6fa451c020f2191c0359ea3cd0489f7a608323a4ec
                                                        • Instruction Fuzzy Hash: 58418330B102158FDB49FB74D91576E3BAAAB84300F10847DD509E73AADF399D89CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E85770 Relevance: .1, Instructions: 108COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f1dccada2fc59d87eff8f4f08e5b81d70d9a9c8bd1c41abcb9faf98df9272bff
                                                        • Instruction ID: 061e8c892ccf13605d2a4e11828c7ec12862bb7f99e04a992079c25a184e2e05
                                                        • Opcode Fuzzy Hash: f1dccada2fc59d87eff8f4f08e5b81d70d9a9c8bd1c41abcb9faf98df9272bff
                                                        • Instruction Fuzzy Hash: 1231A330B102148FDB49FB78D91576E3BEAAB88700F10846DD509E73A9DF399D49CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E80890 Relevance: .1, Instructions: 89COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 24740229795a15cb1baba816c8474b716cc46ad41c61d16d1832be1677531281
                                                        • Instruction ID: 1739b6b70fc36b53d6ec8f2683f99592701fe76c7af97b16ba6de4d2246c4aee
                                                        • Opcode Fuzzy Hash: 24740229795a15cb1baba816c8474b716cc46ad41c61d16d1832be1677531281
                                                        • Instruction Fuzzy Hash: 2A319FB1A003488FCB14EFB9D845B9EBFF5EF88320F108469D119A7661D7359444CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E80994 Relevance: .1, Instructions: 81COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8cc10a4d36179b5c80bc5168c5c9ba2759592c1bf8bd9ef6021235e236c97adb
                                                        • Instruction ID: b80bb4c23f9fe7aade1ea30d47f8d646f4048df48dd7369767498bb55534ebdd
                                                        • Opcode Fuzzy Hash: 8cc10a4d36179b5c80bc5168c5c9ba2759592c1bf8bd9ef6021235e236c97adb
                                                        • Instruction Fuzzy Hash: 5331DEB0D01248DFCB14DFA9D584BDEBFF5AF88314F24806AE409BB264C775694ACB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E80610 Relevance: .1, Instructions: 77COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2c5b5e1c871f37eabd722ce380807774efd455c654f5f9cd3779b1a5bfebef41
                                                        • Instruction ID: 1eeff9c6a75832a60ffeeef83dc0f03569830a8e947a22c078131ac518e7fcba
                                                        • Opcode Fuzzy Hash: 2c5b5e1c871f37eabd722ce380807774efd455c654f5f9cd3779b1a5bfebef41
                                                        • Instruction Fuzzy Hash: 4431F2B0D01248DFCB14DFD9D584BDDBBF5AF88314F20806AE408BB264C774A949CB95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E85658 Relevance: .1, Instructions: 63COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e89cc8626a3cf8bd0152e306601cf59ca8fbcf748213cf1956a2d8daf8b70048
                                                        • Instruction ID: a430dad32011c6e63233033eb7d71bcfc03c7aad9a1b6fd28743316388b90df4
                                                        • Opcode Fuzzy Hash: e89cc8626a3cf8bd0152e306601cf59ca8fbcf748213cf1956a2d8daf8b70048
                                                        • Instruction Fuzzy Hash: BF218371D0010A9FDB05FBA8F855AEEBB71EF80304F40456DD006A73A6EF34AA49CB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E85158 Relevance: .1, Instructions: 57COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b461c91957cdbc5373ba868818adfe66059430465383a004833c01128329a2d9
                                                        • Instruction ID: 5fa034f572956936ad326496fb9af3423d632b9fa8107afb2568fcf43105e8d1
                                                        • Opcode Fuzzy Hash: b461c91957cdbc5373ba868818adfe66059430465383a004833c01128329a2d9
                                                        • Instruction Fuzzy Hash: 091189B19003488FCB10DF99C544BDEBFF0EB48320F10805AD558A7251C774A944CFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E88F78 Relevance: .1, Instructions: 57COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 814c544b6ef49bb5fab7dc53b033129cf20b3915d93fe3cad3f002b035c7c939
                                                        • Instruction ID: 53f419bbd3a2c2f2a6a9de5d343bae9d06d2b54ea8ed1400f264ed0a42fefa34
                                                        • Opcode Fuzzy Hash: 814c544b6ef49bb5fab7dc53b033129cf20b3915d93fe3cad3f002b035c7c939
                                                        • Instruction Fuzzy Hash: FA2144B1900249CFCB20DF9AD544BDEBFF4FB59324F20841AE958A7250C735A944CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E85668 Relevance: .1, Instructions: 52COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 32cb693c6f6eafd1d11b300ce7e99bf6058037a9cb23cd48e2a71b26df7f22b1
                                                        • Instruction ID: cb012ef08ff5f2ec5065907fa12dada3ab0ce9e4cccff6e191bfebfcbb6b158a
                                                        • Opcode Fuzzy Hash: 32cb693c6f6eafd1d11b300ce7e99bf6058037a9cb23cd48e2a71b26df7f22b1
                                                        • Instruction Fuzzy Hash: 25110A74A0010AAFCB05FBA8F855AAEBB75EF84304F408568D105A73A5DF34AA488B91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E85134 Relevance: .0, Instructions: 49COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 441160162738e7dcf404f0ea2cb54ededfc3069435c175bc3233d00851d41435
                                                        • Instruction ID: ab6eb3749c841d5ea2236399f8c719e7bee80a0726ee5105fffe69dfb2be10b8
                                                        • Opcode Fuzzy Hash: 441160162738e7dcf404f0ea2cb54ededfc3069435c175bc3233d00851d41435
                                                        • Instruction Fuzzy Hash: 451102B59002488FCB20DF99D948BDEBBF5EB48324F20842AE959A7250C775A944CFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E80DE0 Relevance: .0, Instructions: 49COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6061d0d4e0147d977d160b5f4bf12ef812223c3c48893d3f62a3292377b8f31f
                                                        • Instruction ID: 932defee15a5014b535ce3fef7b794d338ed151695d5a2a2c3f5eeb561451c65
                                                        • Opcode Fuzzy Hash: 6061d0d4e0147d977d160b5f4bf12ef812223c3c48893d3f62a3292377b8f31f
                                                        • Instruction Fuzzy Hash: 19115A712007408BC315FB69E51579F7BA6AB80314B108A2DC0199B768DFBAED898FD4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E808F8 Relevance: .0, Instructions: 48COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ad2153bf0030d5912d8b21c4a0f29b6faac12af3c2a13dc0f941d83d6235073b
                                                        • Instruction ID: 7766a14c6722f7963033927eef0be8710d7565e3809ae0feaf72782d6389926c
                                                        • Opcode Fuzzy Hash: ad2153bf0030d5912d8b21c4a0f29b6faac12af3c2a13dc0f941d83d6235073b
                                                        • Instruction Fuzzy Hash: 101125B59002488FCB20DFAAD449BDEBFF0EB88324F20845AD459A7351C375A944CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E80604 Relevance: .0, Instructions: 47COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2cf59ab884e24bfb3a11364ff2233f4612141444aee28ec571a06fffcdb82344
                                                        • Instruction ID: 9c68e2e2f10b9464e3cc69ab6f544eead94d981d8109a8a4e505a85a9aa6ac6a
                                                        • Opcode Fuzzy Hash: 2cf59ab884e24bfb3a11364ff2233f4612141444aee28ec571a06fffcdb82344
                                                        • Instruction Fuzzy Hash: F51122B19003088FDB20DF9AC448BDEBBF4EB88324F208469D459A7351C375A944CFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E89018 Relevance: .0, Instructions: 45COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f65ed23512384da018b02fc0a6191145e512ab78885925f7cf8b15eaff67d186
                                                        • Instruction ID: 3bfd528c2b511c6bc460b9dc5697d4c5d48e9a79d550cc1b4ee2887c91ab1707
                                                        • Opcode Fuzzy Hash: f65ed23512384da018b02fc0a6191145e512ab78885925f7cf8b15eaff67d186
                                                        • Instruction Fuzzy Hash: 6F01BC30B08655CFCB01EB3CC650229BBE0EF89314F0508A9D48AEB352DB34ED05CB82
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E80880 Relevance: .0, Instructions: 42COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7d9014fb2f9eb712fe92162b6f1b62db9740848112943615ad21a752cf5e0f54
                                                        • Instruction ID: 3dd2310fa4cc6630f65fe04b9fe3f63d4787f73f32af75433c6f46bc023220eb
                                                        • Opcode Fuzzy Hash: 7d9014fb2f9eb712fe92162b6f1b62db9740848112943615ad21a752cf5e0f54
                                                        • Instruction Fuzzy Hash: 85F0C871A48344AFCF09AB748C159AD7F72AF82320F1446FED10DE76E2D97644569740
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E80EA0 Relevance: .0, Instructions: 29COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 29bd5ff7424270bb37a99e668b8f4af1e5e087167bc7c1bede0f6639b1221bd3
                                                        • Instruction ID: 1f7e9149f358101903735145dc115fa4a9fde63226136529315ed265c0f32075
                                                        • Opcode Fuzzy Hash: 29bd5ff7424270bb37a99e668b8f4af1e5e087167bc7c1bede0f6639b1221bd3
                                                        • Instruction Fuzzy Hash: 3CF05C713042008FC3517B78A8112593BA2EAC134131486BEC04DCF278DB29D84ACB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E896A1 Relevance: .0, Instructions: 28COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e93cec2847c7dcc6134be5f438436c51664073732c2d5821629971708b331821
                                                        • Instruction ID: 63ec79888ae27a27253cf7111476eb47a5e8d9232bab60268969bbf5e1446f6d
                                                        • Opcode Fuzzy Hash: e93cec2847c7dcc6134be5f438436c51664073732c2d5821629971708b331821
                                                        • Instruction Fuzzy Hash: B5E09230B863818FCB253B74642C0793FA59B8A2213050DBAF40EDB2D2DF3DC8598B51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E80839 Relevance: .0, Instructions: 18COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6f14734a82af86e9092c24d32faf8642fb6ea51eefea9218b77ee0d7b677aad0
                                                        • Instruction ID: 63814260a9a66f0fb80db48f1ab5a8bee36491c25eb510b47d079b381dc0cb1b
                                                        • Opcode Fuzzy Hash: 6f14734a82af86e9092c24d32faf8642fb6ea51eefea9218b77ee0d7b677aad0
                                                        • Instruction Fuzzy Hash: DFE04F301182C44FDB1BD738ED65F497F30A702204F0585DAC4405F277C668454DCB96
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E896B0 Relevance: .0, Instructions: 14COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e2a1e31e514e15e7249ff393b3741f176e005991b45c1b7bc9b2017e2b073ebd
                                                        • Instruction ID: 6308b810f1bcdff8a44a595eea77ddf044f76024346bdc41c64cc4b8307bcb03
                                                        • Opcode Fuzzy Hash: e2a1e31e514e15e7249ff393b3741f176e005991b45c1b7bc9b2017e2b073ebd
                                                        • Instruction Fuzzy Hash: D1D01231B81314DBC7242774A41C49977E9EB891263104C79F90AC3340DE7ACC168790
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00E80848 Relevance: .0, Instructions: 12COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2111006941.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_e80000_Java update.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f48bceee9edb2186c2f6ba87580ee8423ea73fc5fb46703499aac261d8900e97
                                                        • Instruction ID: 5a1f5a59a83641390afaeb880af7e93265b5259103d2316a299ffc028dc25b4d
                                                        • Opcode Fuzzy Hash: f48bceee9edb2186c2f6ba87580ee8423ea73fc5fb46703499aac261d8900e97
                                                        • Instruction Fuzzy Hash: 3BD0A9300102898EDB0AEB28FC15B09BF68F300308F00C1A8D0081F33ACBBCA4088BC8
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%