Windows Analysis Report
PO_23052024.exe

Overview

General Information

Sample name: PO_23052024.exe
Analysis ID: 1446505
MD5: 23626a822afb45c288acf9fabbef5ad1
SHA1: 4e0db9f021191084331d9ed7164f066fe1003f06
SHA256: 581ebd71502e26428ff03f5d743fbea09b17d22779e739c41022ac41cfac0242
Tags: exe

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
.NET source code contains very large strings
AI detected suspicious sample
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to log keystrokes (.Net Source)
Contains functionality to register a low level keyboard hook
Initial sample is a PE file and has a suspicious name
Installs a global keyboard hook
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • PO_23052024.exe (PID: 6824 cmdline: "C:\Users\user\Desktop\PO_23052024.exe" MD5: 23626A822AFB45C288ACF9FABBEF5AD1)
    • PO_23052024.exe (PID: 6972 cmdline: "C:\Users\user\Desktop\PO_23052024.exe" MD5: 23626A822AFB45C288ACF9FABBEF5AD1)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.alitextile.com", "Username": "9@alitextile.com", "Password": "Myname321@"}
Source | Rule | Description | Author | Strings
00000001.00000002.4100635153.000000000320D000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000001.00000002.4098049822.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000001.00000002.4098049822.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.1653270109.0000000004469000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.1653270109.0000000004469000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Source | Rule | Description | Author | Strings
0.2.PO_23052024.exe.44b34e0.3.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.2.PO_23052024.exe.44b34e0.3.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.2.PO_23052024.exe.44b34e0.3.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | (listed below)
  • 0x32129:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x3219b:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x32225:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x322b7:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x32321:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x32393:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x32429:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x324b9:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.PO_23052024.exe.475e058.2.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.2.PO_23052024.exe.475e058.2.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

                    System Summary

                    Source: Network Connection, Author: frack113, Data: DestinationIp: 192.185.143.105, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\PO_23052024.exe, Initiated: true, ProcessId: 6972, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49734
                    No Snort rule has matched

                    AV Detection

                    Source: 0.2.PO_23052024.exe.475e058.2.raw.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.alitextile.com", "Username": "9@alitextile.com", "Password": "Myname321@"}
                    Source: PO_23052024.exe, ReversingLabs: Detection: 42%
                    Source: PO_23052024.exe, Virustotal: Detection: 36%
                    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                    Source: PO_23052024.exe, Joe Sandbox ML: detected
                    Source: PO_23052024.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknown, HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49732 version: TLS 1.2
                    Source: PO_23052024.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: HqVJ.pdb source: PO_23052024.exe
                    Source: Binary string: HqVJ.pdbSHA256I source: PO_23052024.exe

                    Networking

                    Source: Yara match, File source: 0.2.PO_23052024.exe.44b34e0.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 1.2.PO_23052024.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_23052024.exe.475e058.2.raw.unpack, type: UNPACKEDPE
                    Source: global traffic, HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
                    Source: Joe Sandbox View, IP Address: 208.95.112.1
                    Source: Joe Sandbox View, IP Address: 104.26.12.205
                    Source: Joe Sandbox View, ASN Name: TUT-ASUS
                    Source: Joe Sandbox View, ASN Name: UNIFIEDLAYER-AS-1US
                    Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknown, DNS query: name: api.ipify.org
                    Source: unknown, DNS query: name: ip-api.com
                    Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 Host: api.ipify.org Connection: Keep-Alive
                    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global traffic, DNS traffic detected: DNS query: api.ipify.org
                    Source: global traffic, DNS traffic detected: DNS query: ip-api.com
                    Source: global traffic, DNS traffic detected: DNS query: mail.alitextile.com
                    Source: PO_23052024.exe, String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                    Source: PO_23052024.exe, String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                    Source: PO_23052024.exe (memory dumps), String found in binary or memory: http://ip-api.com/line/?fields=hosting
                    Source: PO_23052024.exe (memory dumps), String found in binary or memory: http://mail.alitextile.com
                    Source: PO_23052024.exe, String found in binary or memory: http://ocsp.comodoca.com0
                    Source: PO_23052024.exe (memory dumps), String found in binary or memory: http://r3.i.lencr.org/0
                    Source: PO_23052024.exe (memory dumps), String found in binary or memory: http://r3.o.lencr.org0
                    Source: PO_23052024.exe (memory dumps), String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: PO_23052024.exe, String found in binary or memory: http://tempuri.org/DataSet1.xsd
                    Source: PO_23052024.exe, String found in binary or memory: http://tempuri.org/registerationDataSet.xsdOAsnanyDentalClinic.Properties.Resources
                    Source: PO_23052024.exe (memory dumps), String found in binary or memory: http://x1.c.
                    Source: PO_23052024.exe (memory dumps), String found in binary or memory: http://x1.c.lencr.org/0
                    Source: PO_23052024.exe (memory dumps), String found in binary or memory: http://x1.i.lencr.org/0
                    Source: PO_23052024.exe (memory dumps), String found in binary or memory: https://account.dyn.com/
                    Source: PO_23052024.exe (memory dumps), String found in binary or memory: https://api.ipify.org
                    Source: PO_23052024.exe, String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49732
                    Source: unknown, Network traffic detected: HTTP traffic on port 49732 -> 443
                    Source: unknown, HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49732 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    Source: 0.2.PO_23052024.exe.475e058.2.raw.unpack, 3DlgK9re6m.cs, .Net Code: TDa
                    Source: 0.2.PO_23052024.exe.44b34e0.3.raw.unpack, 3DlgK9re6m.cs, .Net Code: TDa
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Code function: 1_2_06EE46D8 SetWindowsHookExA 0000000D,00000000,?,?,?,?,?,?,?,?,?,06EE5278,00000000,00000000
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\PO_23052024.exe
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Window created: window name: CLIPBRDWNDCLASS

                    System Summary

                    Source: 0.2.PO_23052024.exe.44b34e0.3.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 0.2.PO_23052024.exe.475e058.2.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 0.2.PO_23052024.exe.44b34e0.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 1.2.PO_23052024.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 0.2.PO_23052024.exe.475e058.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: PO_23052024.exe, BufferingPage.cs, Long String: Length: 150953
                    Source: initial sample, Static PE information: Filename: PO_23052024.exe
                    Source: PO_23052024.exe, Static PE information: invalid certificate
                    Source: PO_23052024.exe, 00000000.00000000.1627439297.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameHqVJ.exe" vs PO_23052024.exe
                    Source: PO_23052024.exe, 00000000.00000002.1652392360.000000000174E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs PO_23052024.exe
                    Source: PO_23052024.exe, 00000000.00000002.1652876983.000000000349E000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename7f4f14b4-d46b-42ba-b19b-0932f3eca6e2.exe4 vs PO_23052024.exe
                    Source: PO_23052024.exe, 00000000.00000002.1653270109.00000000046D6000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename7f4f14b4-d46b-42ba-b19b-0932f3eca6e2.exe4 vs PO_23052024.exe
                    Source: PO_23052024.exe, 00000000.00000002.1653270109.00000000046D6000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs PO_23052024.exe
                    Source: PO_23052024.exe, 00000000.00000002.1655052359.0000000006890000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs PO_23052024.exe
                    Source: PO_23052024.exe, 00000000.00000002.1654647381.0000000005A60000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs PO_23052024.exe
                    Source: PO_23052024.exe, 00000000.00000002.1653270109.0000000004469000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename7f4f14b4-d46b-42ba-b19b-0932f3eca6e2.exe4 vs PO_23052024.exe
                    Source: PO_23052024.exe, 00000001.00000002.4098302544.0000000001139000.00000004.00000010.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameUNKNOWN_FILET vs PO_23052024.exe
                    Source: PO_23052024.exe, 00000001.00000002.4098049822.000000000043E000.00000040.00000400.00020000.00000000.sdmp, Binary or memory string: OriginalFilename7f4f14b4-d46b-42ba-b19b-0932f3eca6e2.exe4 vs PO_23052024.exe
                    Source: PO_23052024.exe, Binary or memory string: OriginalFilenameHqVJ.exe" vs PO_23052024.exe
                    Source: PO_23052024.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.PO_23052024.exe.44b34e0.3.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.PO_23052024.exe.475e058.2.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.PO_23052024.exe.44b34e0.3.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 1.2.PO_23052024.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.PO_23052024.exe.475e058.2.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: PO_23052024.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.PO_23052024.exe.475e058.2.raw.unpack, slKb.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.PO_23052024.exe.475e058.2.raw.unpack, mAKJ.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.PO_23052024.exe.475e058.2.raw.unpack, xQRSe0Fg.cs, Cryptographic APIs: 'CreateDecryptor', 'TransformBlock'
                    Source: 0.2.PO_23052024.exe.475e058.2.raw.unpack, n3rhMa.cs, Cryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.PO_23052024.exe.475e058.2.raw.unpack, MQzE4FWn.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.PO_23052024.exe.475e058.2.raw.unpack, nSmgRyX5a1.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.PO_23052024.exe.475e058.2.raw.unpack, 6IMLmJtk.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.PO_23052024.exe.475e058.2.raw.unpack, 6IMLmJtk.cs, Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 0.2.PO_23052024.exe.475e058.2.raw.unpack, 3HroK7qN.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.PO_23052024.exe.6890000.8.raw.unpack, SedwyoakyMJQXm4srv.cs, Security API names: _0020.SetAccessControl
                    Source: 0.2.PO_23052024.exe.6890000.8.raw.unpack, SedwyoakyMJQXm4srv.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.PO_23052024.exe.6890000.8.raw.unpack, SedwyoakyMJQXm4srv.cs, Security API names: _0020.AddAccessRule
                    Source: 0.2.PO_23052024.exe.4857f28.5.raw.unpack, hgVCG1nZUfsxYmN0g5.cs, Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: 0.2.PO_23052024.exe.4857f28.5.raw.unpack, hgVCG1nZUfsxYmN0g5.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.PO_23052024.exe.48d4b48.4.raw.unpack, SedwyoakyMJQXm4srv.cs, Security API names: _0020.SetAccessControl
                    Source: 0.2.PO_23052024.exe.48d4b48.4.raw.unpack, SedwyoakyMJQXm4srv.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.PO_23052024.exe.48d4b48.4.raw.unpack, SedwyoakyMJQXm4srv.cs, Security API names: _0020.AddAccessRule
                    Source: 0.2.PO_23052024.exe.4857f28.5.raw.unpack, SedwyoakyMJQXm4srv.cs, Security API names: _0020.SetAccessControl
                    Source: 0.2.PO_23052024.exe.4857f28.5.raw.unpack, SedwyoakyMJQXm4srv.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.PO_23052024.exe.4857f28.5.raw.unpack, SedwyoakyMJQXm4srv.cs, Security API names: _0020.AddAccessRule
                    Source: 0.2.PO_23052024.exe.48d4b48.4.raw.unpack, hgVCG1nZUfsxYmN0g5.cs, Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: 0.2.PO_23052024.exe.48d4b48.4.raw.unpack, hgVCG1nZUfsxYmN0g5.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.PO_23052024.exe.6890000.8.raw.unpack, hgVCG1nZUfsxYmN0g5.cs, Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: 0.2.PO_23052024.exe.6890000.8.raw.unpack, hgVCG1nZUfsxYmN0g5.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.PO_23052024.exe.349e2a4.0.raw.unpack, ReactionVessel.cs, Suspicious method names: .ReactionVessel.Inject
                    Source: 0.2.PO_23052024.exe.348e28c.1.raw.unpack, ReactionVessel.cs, Suspicious method names: .ReactionVessel.Inject
                    Source: 0.2.PO_23052024.exe.5960000.6.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
                    Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@3/1@3/3
                    Source: C:\Users\user\Desktop\PO_23052024.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO_23052024.exe.log
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Mutant created: NULL
                    Source: PO_23052024.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                    Source: C:\Users\user\Desktop\PO_23052024.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\PO_23052024.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\PO_23052024.exe, File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: PO_23052024.exe, 00000000.00000000.1627439297.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: UPDATE [patient] SET [patientId] = @patientId, [firstName] = @firstName, [lastName] = @lastName, [mobileNumber] = @mobileNumber, [email] = @email, [userName] = @userName, [password] = @password WHERE (([patientId] = @Original_patientId) AND ([firstName] = @Original_firstName) AND ([lastName] = @Original_lastName) AND ((@IsNull_mobileNumber = 1 AND [mobileNumber] IS NULL) OR ([mobileNumber] = @Original_mobileNumber)) AND ([email] = @Original_email) AND ([userName] = @Original_userName) AND ([password] = @Original_password));
                    Source: PO_23052024.exe, 00000000.00000000.1627439297.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: UPDATE [patient] SET [userName] = @userName, [password] = @password, [patientId] = @patientId WHERE (([userName] = @Original_userName) AND ([password] = @Original_password) AND ([patientId] = @Original_patientId));
                    Source: PO_23052024.exe, 00000000.00000000.1627439297.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: INSERT INTO [patient] ([patientId], [firstName], [lastName], [mobileNumber], [email], [userName], [password]) VALUES (@patientId, @firstName, @lastName, @mobileNumber, @email, @userName, @password);
                    Source: PO_23052024.exe, ReversingLabs: Detection: 42%
                    Source: PO_23052024.exe, Virustotal: Detection: 36%
                    Source: unknown, Process created: C:\Users\user\Desktop\PO_23052024.exe "C:\Users\user\Desktop\PO_23052024.exe"
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Process created: C:\Users\user\Desktop\PO_23052024.exe "C:\Users\user\Desktop\PO_23052024.exe"
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: version.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: gpapi.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: windowscodecs.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: wbemcomn.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: rasapi32.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: rasman.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: rtutils.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: mswsock.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: winhttp.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: iphlpapi.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: dhcpcsvc.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: dnsapi.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: winnsi.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: rasadhlp.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: fwpuclnt.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: secur32.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: schannel.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: mskeyprotect.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: ntasn1.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: ncrypt.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: ncryptsslp.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: vaultcli.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: wintypes.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Section loaded: edputil.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: Window Recorder, Window detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\PO_23052024.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: PO_23052024.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: PO_23052024.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: PO_23052024.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: HqVJ.pdb source: PO_23052024.exe
                    Source: Binary string: HqVJ.pdbSHA256I source: PO_23052024.exe

                    Data Obfuscation

                    Source: PO_23052024.exe, BufferingPage.cs, .Net Code: InitializeComponent
                    Source: 0.2.PO_23052024.exe.48d4b48.4.raw.unpack, SedwyoakyMJQXm4srv.cs, .Net Code: JkrbtDgMNG System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.PO_23052024.exe.5a60000.7.raw.unpack, LoginForm.cs, .Net Code: _206B_206C_202A_202D_206F_206F_206C_202D_206A_202A_200B_206C_206E_206A_206D_206B_202C_206E_200C_206F_200D_206D_200C_200F_202C_206C_202E_206B_202B_202E_206E_206B_206B_206D_206C_202C_200D_202E_202C_200E_202E System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.PO_23052024.exe.4857f28.5.raw.unpack, SedwyoakyMJQXm4srv.cs, .Net Code: JkrbtDgMNG System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.PO_23052024.exe.6890000.8.raw.unpack, SedwyoakyMJQXm4srv.cs, .Net Code: JkrbtDgMNG System.Reflection.Assembly.Load(byte[])
                    Source: PO_23052024.exe, Static PE information: 0xA89BEBA9 [Fri Aug 22 15:11:37 2059 UTC]
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Code function: 1_2_02FBA838 push esp; retf 1_2_02FBAEE1
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Code function: 1_2_02FB8B37 push eax; iretd 1_2_02FB8B41
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Code function: 1_2_02FB0C55 push edi; retf 1_2_02FB0C7A
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Code function: 1_2_06E862D8 push eax; iretd 1_2_06E862EA
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Code function: 1_2_06EEE5D1 push es; ret 1_2_06EEE5E0
                    Source: C:\Users\user\Desktop\PO_23052024.exe, Code function: 1_2_06EE6CC8 pushfd ; iretd 1_2_06EE6CD5
                    Source: PO_23052024.exe, Static PE information: section name: .text entropy: 6.989965875411954
                    Source: 0.2.PO_23052024.exe.48d4b48.4.raw.unpack, 0.2.PO_23052024.exe.4857f28.5.raw.unpack, 0.2.PO_23052024.exe.6890000.8.raw.unpack, High entropy of concatenated method names
                    Source: 0.2.PO_23052024.exe.6890000.8.raw.unpack, a1pNlo3CFJKJGAyMRi.csHigh entropy of concatenated method names: 'gBJtUSZmp', 'GbROAwXNK', 'rgOCaOyqQ', 'Y97JyQJ88', 'JD8kRMb6A', 'cdQdx0eLi', 'MmEq5KZV92gK5qP2p4', 'MV8jgAx3V7OCaDCjOe', 'WBppEvYwY', 'dNoqToLau'
                    Source: 0.2.PO_23052024.exe.6890000.8.raw.unpack, hqttQ9LZ14PnL7ZC7U.csHigh entropy of concatenated method names: 'ToString', 'S6Wigy7geY', 'FNCi6DijH9', 'mn0iS34JmH', 'IdwiYTcnFa', 'Eetijb5re5', 'L8QiAOjLE0', 'ONEiuTXGYA', 'hLOiFrUvkM', 'UMTi4o8LTK'
                    Source: 0.2.PO_23052024.exe.6890000.8.raw.unpack, tY7w7jIyRSJAb5xHoXA.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'XcaqKDv5UG', 'n0bqwqtvTd', 'uCLqLLR8ri', 'mKLqU5deVK', 'N35qRFnLpk', 'VAiqoyhOCP', 'ebaqHK4Fwp'
                    Source: 0.2.PO_23052024.exe.6890000.8.raw.unpack, gr5UF04U9HmL7x664a.csHigh entropy of concatenated method names: 'xNxmTpYl11', 'bWYmllowHj', 'xuCmtHxiTC', 'dt1mOGWu6r', 'l5fmexkQcX', 'xGmmCsggnV', 'lL0mJbnUDQ', 'hu9mnQY36s', 'meMmkTHIBW', 'MRVmdCNBRQ'
                    Source: 0.2.PO_23052024.exe.6890000.8.raw.unpack, rFYeuPIIXUWaDE8qekq.csHigh entropy of concatenated method names: 'ToString', 'COxqyo7MNB', 'uYbqbu2jJv', 'yP5qcNBlwm', 'M9eqEdu7ZA', 'TO9qPsp8MA', 'kcEq5U30Cm', 'TllqfTTcmW', 'asfNP7Qkm29yEbvxa5g', 'VxWgURQ51L8Cp8hMKpP'
                    Source: 0.2.PO_23052024.exe.6890000.8.raw.unpack, eX6Pv914m8f69NpEtr.csHigh entropy of concatenated method names: 'JYIXn8toKu', 'IFLXkALcoL', 'wL8XxCbfRo', 'oLBX6dE7yK', 'RI3XYoqm8u', 'Fs9XjAJnAT', 'D8BXuCKSFI', 'I4nXFTfP9M', 'vW0XQgw4w5', 'ao4Xg1vfPy'
                    Source: 0.2.PO_23052024.exe.6890000.8.raw.unpack, dLmnBibU4QQaT2xxCq.csHigh entropy of concatenated method names: 'bc5ImgVCG1', 'qUfIasxYmN', 'PauIrReiKW', 'AbyIMetaW8', 'H4kIsvvvlg', 'c1DIiyG2JF', 'cruUP8X0JASP89ObxD', 'E615hinHGC2kXO6lZ6', 'cxbIIn21B5', 'l7GIy4Sa67'
                    Source: 0.2.PO_23052024.exe.6890000.8.raw.unpack, FOsphLPNZfbMrObuDf.csHigh entropy of concatenated method names: 'Dispose', 'X0yI8GT1e9', 'SD636NO5XQ', 'UoTggXdet8', 'rMCI2n38jN', 'AknIz8Xuip', 'ProcessDialogKey', 'F7A3NAMKho', 'BKF3IH4faE', 'eDi33294WI'
                    Source: 0.2.PO_23052024.exe.6890000.8.raw.unpack, nCn38jWNOkn8Xuipx7.csHigh entropy of concatenated method names: 'JLUpEH8YGM', 'EmEpPuc8y9', 'EPlp5B4TkG', 'VkTpf1wfWk', 'nqTpBy9v9U', 'tb5pmCcPoG', 'vKDpaj2you', 'z8QpvqFy1x', 'MyKprBcsUX', 'tIApM6UR4M'
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match; File source: Process Memory Space: PO_23052024.exe PID: 6824, type: MEMORYSTR
                    Source: global traffic; HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1, Host: ip-api.com, Connection: Keep-Alive
                    Source: C:\Users\user\Desktop\PO_23052024.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\PO_23052024.exe; WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: PO_23052024.exe, 00000000.00000002.1653270109.00000000046D6000.00000004.00000800.00020000.00000000.sdmp, PO_23052024.exe, 00000000.00000002.1653270109.0000000004469000.00000004.00000800.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4100635153.000000000320D000.00000004.00000800.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4098049822.0000000000402000.00000040.00000400.00020000.00000000.sdmp; Binary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Memory allocated: 1700000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Memory allocated: 3460000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Memory allocated: 1940000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Memory allocated: 6A10000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Memory allocated: 7A10000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Memory allocated: 7B50000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Memory allocated: 8B50000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Memory allocated: 2FB0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Memory allocated: 31B0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Memory allocated: 2FD0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 600000
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 599875
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 599766
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 599656
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 599547
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 599438
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 599313
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 599195
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 599075
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 598903
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 598745
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 598500
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 598360
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 595781
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 595672
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 595563
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 595438
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 595313
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 595188
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 595078
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 594969
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 594844
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 594735
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 594610
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 594485
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 594360
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 594235
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 594110
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 593985
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Thread delayed: delay time: 593860
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Window / User API: threadDelayed 1135
                    Source: C:\Users\user\Desktop\PO_23052024.exe; Window / User API: threadDelayed 8692
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 6128; Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -26747778906878833s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -600000s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -599875s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -599766s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -599656s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -599547s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -599438s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -599313s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -599195s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -599075s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -598903s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -598745s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -598500s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -598360s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -100000s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -99891s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -99781s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -99672s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -99563s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -99453s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -99344s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -99234s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -99125s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -99014s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -98906s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -98797s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -98687s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -98578s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -98469s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -98359s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -98250s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -98141s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -98031s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -97922s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -97812s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -97703s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -97594s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -595781s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -595672s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -595563s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -595438s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -595313s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -595188s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -595078s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -594969s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -594844s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -594735s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -594610s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -594485s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -594360s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -594235s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -594110s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -593985s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe TID: 7200; Thread sleep time: -593860s >= -30000s
                    Source: C:\Users\user\Desktop\PO_23052024.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\PO_23052024.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                    Source: C:\Users\user\Desktop\PO_23052024.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\PO_23052024.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: PO_23052024.exe, 00000001.00000002.4100635153.000000000320D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
                    Source: PO_23052024.exe, 00000001.00000002.4098049822.0000000000402000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: vmware
                    Source: PO_23052024.exe, 00000001.00000002.4098049822.0000000000402000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: VMwareVBoxESelect * from Win32_ComputerSystem
                    Source: PO_23052024.exe, 00000001.00000002.4099457587.000000000137A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\PO_23052024.exe Process information queried: ProcessInformation

                    Anti Debugging

                    Source: C:\Users\user\Desktop\PO_23052024.exe Code function: 1_2_02FB7ED0 CheckRemoteDebuggerPresent,1_2_02FB7ED0
                    Source: C:\Users\user\Desktop\PO_23052024.exe Process queried: DebugPort
                    Source: C:\Users\user\Desktop\PO_23052024.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\PO_23052024.exe Memory allocated: page read and write | page guard
                    Source: C:\Users\user\Desktop\PO_23052024.exe Process created: C:\Users\user\Desktop\PO_23052024.exe "C:\Users\user\Desktop\PO_23052024.exe"
                    Source: C:\Users\user\Desktop\PO_23052024.exe Queries volume information: C:\Users\user\Desktop\PO_23052024.exe VolumeInformation
                    Source: C:\Users\user\Desktop\PO_23052024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PO_23052024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PO_23052024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PO_23052024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PO_23052024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PO_23052024.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match, File source: 0.2.PO_23052024.exe.44b34e0.3.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_23052024.exe.475e058.2.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_23052024.exe.44b34e0.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 1.2.PO_23052024.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_23052024.exe.475e058.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000001.00000002.4098049822.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1653270109.0000000004469000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1653270109.00000000046D6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: PO_23052024.exe PID: 6824, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: PO_23052024.exe PID: 6972, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\PO_23052024.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\PO_23052024.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\PO_23052024.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\PO_23052024.exe File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Users\user\Desktop\PO_23052024.exe File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Users\user\Desktop\PO_23052024.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\Desktop\PO_23052024.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\Desktop\PO_23052024.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: Yara match, File source: 00000001.00000002.4100635153.000000000320D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                    Remote Access Functionality

                    Source: Yara match, File source: 0.2.PO_23052024.exe.44b34e0.3.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_23052024.exe.475e058.2.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_23052024.exe.44b34e0.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 1.2.PO_23052024.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.PO_23052024.exe.475e058.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000001.00000002.4098049822.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1653270109.0000000004469000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1653270109.00000000046D6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: PO_23052024.exe PID: 6824, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: PO_23052024.exe PID: 6972, type: MEMORYSTR

                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 231 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | 31 Input Capture | 34 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 531 Security Software Discovery | Distributed Component Object Model | 31 Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 1 Process Discovery | SSH | 1 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 261 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 261 Virtualization/Sandbox Evasion | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement


                    Source | Detection | Scanner | Label | Link
                    PO_23052024.exe | 42% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                    PO_23052024.exe | 36% | Virustotal | | Browse
                    PO_23052024.exe | 100% | Joe Sandbox ML | |

                    No Antivirus matches
                    No Antivirus matches

                    Source | Detection | Scanner | Label | Link
                    api.ipify.org | 1% | Virustotal | | Browse
                    ip-api.com | 0% | Virustotal | | Browse
                    mail.alitextile.com | 0% | Virustotal | | Browse

                    Source | Detection | Scanner | Label | Link
                    https://api.ipify.org/ | 0% | URL Reputation | safe |
                    https://api.ipify.org | 0% | URL Reputation | safe |
                    https://account.dyn.com/ | 0% | URL Reputation | safe |
                    http://x1.c.lencr.org/0 | 0% | URL Reputation | safe |
                    http://x1.i.lencr.org/0 | 0% | URL Reputation | safe |
                    http://tempuri.org/DataSet1.xsd | 0% | URL Reputation | safe |
                    http://tempuri.org/registerationDataSet.xsdOAsnanyDentalClinic.Properties.Resources | 0% | Avira URL Cloud | safe |
                    http://r3.o.lencr.org0 | 0% | URL Reputation | safe |
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
                    https://www.chiark.greenend.org.uk/~sgtatham/putty/0 | 0% | URL Reputation | safe |
                    http://ip-api.com/line/?fields=hosting | 0% | URL Reputation | safe |
                    http://r3.i.lencr.org/0 | 0% | URL Reputation | safe |
                    http://x1.c. | 0% | Avira URL Cloud | safe |
                    http://mail.alitextile.com | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/registerationDataSet.xsdOAsnanyDentalClinic.Properties.Resources | 1% | Virustotal | | Browse
                    http://mail.alitextile.com | 0% | Virustotal | | Browse

                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    api.ipify.org | 104.26.12.205 | true | false | | unknown
                    ip-api.com | 208.95.112.1 | true | true | | unknown
                    mail.alitextile.com | 192.185.143.105 | true | true | | unknown

                    Name | Malicious | Antivirus Detection | Reputation
                    https://api.ipify.org/ | false | URL Reputation: safe | unknown
                    http://ip-api.com/line/?fields=hosting | false | URL Reputation: safe | unknown
                    NameSourceMaliciousAntivirus DetectionReputation
                    https://api.ipify.orgPO_23052024.exe, 00000000.00000002.1653270109.00000000046D6000.00000004.00000800.00020000.00000000.sdmp, PO_23052024.exe, 00000000.00000002.1653270109.0000000004469000.00000004.00000800.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4100635153.00000000031B1000.00000004.00000800.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4098049822.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    http://tempuri.org/registerationDataSet.xsdOAsnanyDentalClinic.Properties.ResourcesPO_23052024.exefalse
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    unknown
                    https://account.dyn.com/PO_23052024.exe, 00000000.00000002.1653270109.00000000046D6000.00000004.00000800.00020000.00000000.sdmp, PO_23052024.exe, 00000000.00000002.1653270109.0000000004469000.00000004.00000800.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4098049822.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    http://x1.c.lencr.org/0PO_23052024.exe, 00000001.00000002.4098769482.000000000133E000.00000004.00000020.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4108201561.00000000067AC000.00000004.00000020.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4100635153.0000000003406000.00000004.00000800.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4100635153.0000000003362000.00000004.00000800.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4107285668.000000000676B000.00000004.00000020.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4108762946.00000000067B6000.00000004.00000020.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4107285668.0000000006736000.00000004.00000020.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4107285668.000000000678E000.00000004.00000020.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4108862222.00000000067C6000.00000004.00000020.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4100635153.0000000003540000.00000004.00000800.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4116822748.000000000A4B6000.00000004.00000020.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4100635153.00000000032BF000.00000004.00000800.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4100635153.00000000034A7000.00000004.00000800.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4116932989.000000000A4E1000.00000004.00000020.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4117353080.000000000A538000.00000004.00000020.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4100635153.00000000035EF000.00000004.00000800.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4108926498.00000000067D9000.00000004.00000020.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4098769482.00000000012E6000.00000004.00000020.00020000.00000000.sdmp, PO_23052024.exe, 
00000001.00000002.4099457587.000000000137A000.00000004.00000020.00020000.00000000.sdmp, PO_23052024.exe, 00000001.00000002.4100635153.00000000036B0000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    http://x1.i.lencr.org/0 | PO_23052024.exe | false
                    • URL Reputation: safe
                    unknown
                    http://mail.alitextile.com | PO_23052024.exe | false
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    unknown
                    http://tempuri.org/DataSet1.xsd | PO_23052024.exe | false
                    • URL Reputation: safe
                    unknown
                    http://r3.o.lencr.org0 | PO_23052024.exe | false
                    • URL Reputation: safe
                    unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | PO_23052024.exe, 00000001.00000002.4100635153.00000000031B1000.00000004.00000800.00020000.00000000.sdmp | false
                    • URL Reputation: safe
                    unknown
                    https://www.chiark.greenend.org.uk/~sgtatham/putty/0 | PO_23052024.exe | false
                    • URL Reputation: safe
                    unknown
                    http://x1.c. | PO_23052024.exe, 00000001.00000002.4107285668.000000000678E000.00000004.00000020.00020000.00000000.sdmp | false
                    • Avira URL Cloud: safe
                    unknown
                    http://r3.i.lencr.org/0 | PO_23052024.exe | false
                    • URL Reputation: safe
                    unknown
                    IP | Domain | Country | ASN | ASN Name | Malicious
                    208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | true
                    104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
                    192.185.143.105 | mail.alitextile.com | United States | 46606 | UNIFIEDLAYER-AS-1US | true
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1446505
                    Start date and time:2024-05-23 15:14:07 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 8m 54s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:6
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:PO_23052024.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@3/1@3/3
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 51
                    • Number of non-executed functions: 1
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes were analyzed, report is missing behavior information
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    Time | Type | Description
                    09:14:54 | API Interceptor | 9855726x Sleep call for process: PO_23052024.exe modified
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    208.95.112.1 | MOLEX 436500304-10000.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
                    208.95.112.1 | rPurchaseOrderPO05232024.exe | malicious | AgentTesla, GuLoader | ip-api.com/line/?fields=hosting
                    208.95.112.1 | t3h7DNer1Q.exe | malicious | AsyncRAT, DcRat | ip-api.com/line/?fields=hosting
                    208.95.112.1 | INVOICE.js | malicious | AgentTesla | ip-api.com/line/?fields=hosting
                    208.95.112.1 | C30XdMP03R.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
                    208.95.112.1 | NTgo4SxmS3.exe | malicious | Blank Grabber, DCRat | ip-api.com/json/?fields=225545
                    208.95.112.1 | SecuriteInfo.com.PowerShell.Siggen.2046.5121.22247.exe | malicious | AgentTesla, GuLoader | ip-api.com/line/?fields=hosting
                    208.95.112.1 | SecuriteInfo.com.Python.Muldrop.18.23042.15901.exe | malicious | Blank Grabber | ip-api.com/json/?fields=225545
                    208.95.112.1 | documentos.xlam.xlsx | malicious | AgentTesla | ip-api.com/line/?fields=hosting
                    208.95.112.1 | New Inquiry RFQ.NO2015.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
                    104.26.12.205 | 482730621.exe | malicious | Stealit | api.ipify.org/?format=json
                    104.26.12.205 | 482730621.exe | malicious | Stealit | api.ipify.org/?format=json
                    104.26.12.205 | Sonic-Glyder.exe | malicious | Stealit | api.ipify.org/?format=json
                    104.26.12.205 | Sky-Beta.exe | malicious | Stealit | api.ipify.org/?format=json
                    104.26.12.205 | SecuriteInfo.com.Backdoor.Win32.Agent.myuuxz.13708.17224.exe | malicious | Bunny Loader | api.ipify.org/
                    104.26.12.205 | lods.cmd | malicious | Remcos | api.ipify.org/
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    ip-api.com | MOLEX 436500304-10000.exe | malicious | AgentTesla | 208.95.112.1
                    ip-api.com | rPurchaseOrderPO05232024.exe | malicious | AgentTesla, GuLoader | 208.95.112.1
                    ip-api.com | t3h7DNer1Q.exe | malicious | AsyncRAT, DcRat | 208.95.112.1
                    ip-api.com | INVOICE.js | malicious | AgentTesla | 208.95.112.1
                    ip-api.com | C30XdMP03R.exe | malicious | AgentTesla | 208.95.112.1
                    ip-api.com | NTgo4SxmS3.exe | malicious | Blank Grabber, DCRat | 208.95.112.1
                    ip-api.com | SecuriteInfo.com.PowerShell.Siggen.2046.5121.22247.exe | malicious | AgentTesla, GuLoader | 208.95.112.1
                    ip-api.com | SecuriteInfo.com.Python.Muldrop.18.23042.15901.exe | malicious | Blank Grabber | 208.95.112.1
                    ip-api.com | documentos.xlam.xlsx | malicious | AgentTesla | 208.95.112.1
                    ip-api.com | New Inquiry RFQ.NO2015.exe | malicious | AgentTesla | 208.95.112.1
                    api.ipify.org | rPurchaseOrderPO05232024.exe | malicious | AgentTesla, GuLoader | 104.26.13.205
                    api.ipify.org | ASCD0001 INQ9829......pdf.exe | malicious | AgentTesla | 104.26.13.205
                    api.ipify.org | http://t.co/COiSlB3Tom | malicious | HTMLPhisher | 104.26.12.205
                    api.ipify.org | Zam#U00f3w nr 90016288247_ ZNG_1406_MG_2024_004782922.pdf.exe | malicious | AgentTesla | 104.26.13.205
                    api.ipify.org | NEW ORDER.exe | malicious | AgentTesla | 104.26.13.205
                    api.ipify.org | pro-forma invoice.xlsm.exe | malicious | AgentTesla, PureLog Stealer | 172.67.74.152
                    api.ipify.org | Order PS24S0040.exe | malicious | AgentTesla, PureLog Stealer | 172.67.74.152
                    api.ipify.org | https://greettive-tke-783743.pages.dev/help/contact/95094729232531 | malicious | Unknown | 104.26.12.205
                    api.ipify.org | 948209184.xlam.xlsx | malicious | AgentTesla | 172.67.74.152
                    api.ipify.org | DHL Delivery Invoice.exe | malicious | AgentTesla | 172.67.74.152
                    mail.alitextile.com | PO_21052024.exe | malicious | AgentTesla | 192.185.143.105
                    mail.alitextile.com | PO_#20241705.exe | malicious | AgentTesla | 192.185.143.105
                    mail.alitextile.com | PO_20240516.exe | malicious | AgentTesla | 192.185.143.105
                    mail.alitextile.com | PO_202405014.exe | malicious | AgentTesla, PureLog Stealer | 192.185.143.105
                    mail.alitextile.com | Purchase Order_#400086587.exe | malicious | AgentTesla, PureLog Stealer | 192.185.143.105
                    mail.alitextile.com | Purchase Order_#400388875.exe | malicious | AgentTesla, PureLog Stealer | 192.185.143.105
                    mail.alitextile.com | cir0tBXcdO.exe | malicious | AgentTesla | 192.185.143.105
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    UNIFIEDLAYER-AS-1US | http://chocolatefashiononline.com | malicious | Unknown | 192.185.181.216
                    UNIFIEDLAYER-AS-1US | ELECTRONIC RECEIPT_Rockwool.html | malicious | Unknown | 162.240.231.208
                    UNIFIEDLAYER-AS-1US | yzKJORP7Q4.elf | malicious | Mirai, Moobot | 142.7.14.96
                    UNIFIEDLAYER-AS-1US | 4rg5Y5MHO8.elf | malicious | Mirai, Moobot | 142.7.14.96
                    UNIFIEDLAYER-AS-1US | w5c8CHID77.exe | malicious | Unknown | 74.220.199.6
                    UNIFIEDLAYER-AS-1US | SecuriteInfo.com.Trojan.DownLoad3.33216.13863.20878.exe | malicious | Unknown | 192.254.232.193
                    UNIFIEDLAYER-AS-1US | https://wrt.dvw.mybluehost.me/CH/SBB/index/ | malicious | Unknown | 162.241.225.162
                    UNIFIEDLAYER-AS-1US | DHL INVOICE.scr.exe | malicious | AgentTesla | 162.214.80.31
                    UNIFIEDLAYER-AS-1US | file.exe | malicious | CMSBrute | 162.215.2.27
                    UNIFIEDLAYER-AS-1US | DHL INVOICE.scr.exe | malicious | AgentTesla | 162.214.80.31
                    CLOUDFLARENETUS | hesaphareketi-015232024.SCR.exe | malicious | AgentTesla | 172.67.74.152
                    CLOUDFLARENETUS | ORDEM DE COMPRA.exe | malicious | Snake Keylogger | 188.114.97.3
                    CLOUDFLARENETUS | http://chocolatefashiononline.com | malicious | Unknown | 104.19.178.52
                    CLOUDFLARENETUS | rPurchaseOrderPO05232024.exe | malicious | AgentTesla, GuLoader | 104.26.13.205
                    CLOUDFLARENETUS | https://lnk.sk/mzoy | malicious | Unknown | 172.67.176.2
                    CLOUDFLARENETUS | https://lnk.sk/twr3 | malicious | Unknown | 104.21.48.17
                    CLOUDFLARENETUS | COMMANDE.EXE.exe | malicious | DBatLoader, FormBook | 104.21.5.109
                    CLOUDFLARENETUS | t3h7DNer1Q.exe | malicious | AsyncRAT, DcRat | 104.16.185.241
                    CLOUDFLARENETUS | https://docs.google.com/forms/d/e/1FAIpQLSeRYIPr_Xs8SxtWD9VaAhgsz9aibS_bijyTwdbidiIQ4ngVlQ/viewform?embedded=true&entry.1325074572=http%3A%2F%2Fr.smtp.euro-symbiose.fr%2Ftr%2Fcl%2Fqrjz6G3WMajAukEuXu-N0Qebu__8ljHwQjs84-vbNFkstMs8BrqGB6auM8cV52vdc-z8kda-O1XzLDMdp-o1VJ_xiAbOzr9v5pxwTGj0Dst_LdwxxKSPofjHdg7nt8IDlgUJ3uTEcfUBoqUeYZ1z6UfsaMJ-LJXtWMT4Mwb9atjObh_1JANJ5jvL-GurRI94WpyXTvnXhmqNG1ThqZzYQSaX5jfeHHDV6kb8kSgWbW5xuXgTilqIdc91eM30NL2GhrRlNADqergaHf7cyAh4WnSBK&entry.731640200=build-verify+URL%3A+build+UrlParams%3A+build-verify+URL%3A+get+URL%3A+decrypt%3A+base64+decode%3A+illegal+base64+data+at+input+byte+280 | malicious | Unknown | 1.1.1.1
                    CLOUDFLARENETUS | RE Fasthosts - Payment Failed.eml | malicious | Outlook Phishing, HTMLPhisher | 104.18.10.14
                    TUT-ASUS | MOLEX 436500304-10000.exe | malicious | AgentTesla | 208.95.112.1
                    TUT-ASUS | rPurchaseOrderPO05232024.exe | malicious | AgentTesla, GuLoader | 208.95.112.1
                    TUT-ASUS | t3h7DNer1Q.exe | malicious | AsyncRAT, DcRat | 208.95.112.1
                    TUT-ASUS | INVOICE.js | malicious | AgentTesla | 208.95.112.1
                    TUT-ASUS | C30XdMP03R.exe | malicious | AgentTesla | 208.95.112.1
                    TUT-ASUS | NTgo4SxmS3.exe | malicious | Blank Grabber, DCRat | 208.95.112.1
                    TUT-ASUS | SecuriteInfo.com.PowerShell.Siggen.2046.5121.22247.exe | malicious | AgentTesla, GuLoader | 208.95.112.1
                    TUT-ASUS | SecuriteInfo.com.Python.Muldrop.18.23042.15901.exe | malicious | Blank Grabber | 208.95.112.1
                    TUT-ASUS | documentos.xlam.xlsx | malicious | AgentTesla | 208.95.112.1
                    TUT-ASUS | New Inquiry RFQ.NO2015.exe | malicious | AgentTesla | 208.95.112.1
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    3b5074b1b5d032e5620f69f9f700ff0e | hesaphareketi-015232024.SCR.exe | malicious | AgentTesla | 104.26.12.205
                    3b5074b1b5d032e5620f69f9f700ff0e | ORDEM DE COMPRA.exe | malicious | Snake Keylogger | 104.26.12.205
                    3b5074b1b5d032e5620f69f9f700ff0e | rPurchaseOrderPO05232024.exe | malicious | AgentTesla, GuLoader | 104.26.12.205
                    3b5074b1b5d032e5620f69f9f700ff0e | ASCD0001 INQ9829......pdf.exe | malicious | AgentTesla | 104.26.12.205
                    3b5074b1b5d032e5620f69f9f700ff0e | Invoice.exe | malicious | Snake Keylogger | 104.26.12.205
                    3b5074b1b5d032e5620f69f9f700ff0e | msimg32.dll | malicious | Remcos | 104.26.12.205
                    3b5074b1b5d032e5620f69f9f700ff0e | https://url10.mailanyone.net/scanner?m=1s9Mri-0007hx-3T&d=4%7Cmail%2F90%2F1716287400%2F1s9Mri-0007hx-3T%7Cin10g%7C57e1b682%7C12862802%7C10019077%7C664C7952D245399BD4B163183C53C253&o=%2Fphte%3A%2Fdtsseedrontec.iuconsctomat%2Fku.&s=X3gWuPbJRU1Tmui7Qt2w30qEumE | malicious | HTMLPhisher | 104.26.12.205
                    3b5074b1b5d032e5620f69f9f700ff0e | INVOICE.js | malicious | AgentTesla | 104.26.12.205
                    3b5074b1b5d032e5620f69f9f700ff0e | Zam#U00f3w nr 90016288247_ ZNG_1406_MG_2024_004782922.pdf.exe | malicious | AgentTesla | 104.26.12.205
                    3b5074b1b5d032e5620f69f9f700ff0e | NEW ORDER.exe | malicious | AgentTesla | 104.26.12.205
                    No context
                    Process:C:\Users\user\Desktop\PO_23052024.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):1216
                    Entropy (8bit):5.34331486778365
                    Encrypted:false
                    SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                    MD5:1330C80CAAC9A0FB172F202485E9B1E8
                    SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                    SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                    SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                    Malicious:false
                    Reputation:high, very likely benign file
                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Entropy (8bit):7.002050746639198
                    TrID:
                    • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                    • Win32 Executable (generic) a (10002005/4) 49.97%
                    • Generic Win/DOS Executable (2004/3) 0.01%
                    • DOS Executable Generic (2002/1) 0.01%
                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                    File name:PO_23052024.exe
                    File size:924'168 bytes
                    MD5:23626a822afb45c288acf9fabbef5ad1
                    SHA1:4e0db9f021191084331d9ed7164f066fe1003f06
                    SHA256:581ebd71502e26428ff03f5d743fbea09b17d22779e739c41022ac41cfac0242
                    SHA512:6d098502008b94d46abd74bbc5a9c53f7101da6538f44e634fb2556e970950474193c43de03dd37f56442fb4a5e47a6449f462e3a598a10602f20851f178b2b6
                    SSDEEP:12288:C8zWaRWoy6JBmtWTDNO9UEJEgR4ADxRuAoZzqCqw+FWzu7rxK4qLEDkR:C8zWMMcBXTPg7CqwQrFo1
                    TLSH:6B158D3D18F922E29164C6A8CFE0C627B410F4EA30936935A9D28B55575BE0FBDC327D
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.................. ........@.. .......................@............@................................
                    Icon Hash:90cececece8e8eb0
                    Entrypoint:0x4df812
                    Entrypoint Section:.text
                    Digitally signed:true
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Time Stamp:0xA89BEBA9 [Fri Aug 22 15:11:37 2059 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:4
                    OS Version Minor:0
                    File Version Major:4
                    File Version Minor:0
                    Subsystem Version Major:4
                    Subsystem Version Minor:0
                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                    Signature Valid:false
                    Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                    Signature Validation Error:The digital signature of the object did not verify
                    Error Number:-2146869232
                    Not Before, Not After
                    • 13/11/2018 00:00:00 08/11/2021 23:59:59
                    Subject Chain
                    • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                    Version:3
                    Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                    Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                    Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                    Serial:7C1118CBBADC95DA3752C46E47A27438
                    Instruction
                    jmp dword ptr [00402000h]
                    add byte ptr [eax], al
                    Name | Virtual Address | Virtual Size | Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0xdf7bf | 0x4f | .text
                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe0000 | 0x55c | .rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0xde400 | 0x3608 |
                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe2000 | 0xc | .reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0xddbc8 | 0x70 | .text
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                    .text | 0x2000 | 0xdd818 | 0xdda00 | 91c10c39c0d4a950c8db2cd19275ce12 | False | 0.7085734806824591 | data | 6.989965875411954 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .rsrc | 0xe0000 | 0x55c | 0x600 | 895e1914068a558e688da2bfacdd1117 | False | 0.3984375 | data | 3.909581881754366 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .reloc | 0xe2000 | 0xc | 0x200 | 0906f14d84f4048adecf40728c5a10fc | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                    RT_VERSION | 0xe0090 | 0x2cc | data | | | 0.4301675977653631
                    RT_MANIFEST | 0xe036c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                    DLL | Import
                    mscoree.dll | _CorExeMain
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    May 23, 2024 15:16:54.936903954 CEST58764312192.185.143.105192.168.2.4
                    May 23, 2024 15:16:54.936932087 CEST58764312192.185.143.105192.168.2.4
                    May 23, 2024 15:16:54.936959982 CEST58764312192.185.143.105192.168.2.4
                    May 23, 2024 15:16:54.936989069 CEST58764312192.185.143.105192.168.2.4
                    May 23, 2024 15:16:54.937017918 CEST58764312192.185.143.105192.168.2.4
                    May 23, 2024 15:16:54.937046051 CEST58764312192.185.143.105192.168.2.4
                    May 23, 2024 15:16:54.937131882 CEST58764312192.185.143.105192.168.2.4
                    May 23, 2024 15:16:54.941641092 CEST58764312192.185.143.105192.168.2.4
                    May 23, 2024 15:16:54.941670895 CEST58764312192.185.143.105192.168.2.4
                    May 23, 2024 15:16:54.941698074 CEST58764312192.185.143.105192.168.2.4
                    May 23, 2024 15:16:54.941725969 CEST58764312192.185.143.105192.168.2.4
                    May 23, 2024 15:16:54.985338926 CEST58764312192.185.143.105192.168.2.4
                    May 23, 2024 15:16:55.230340004 CEST58764312192.185.143.105192.168.2.4
                    May 23, 2024 15:16:55.434151888 CEST64312587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:08.936897993 CEST64312587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:09.234507084 CEST64312587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:09.591008902 CEST64312587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:09.895410061 CEST58764312192.185.143.105192.168.2.4
                    May 23, 2024 15:17:09.901766062 CEST58764312192.185.143.105192.168.2.4
                    May 23, 2024 15:17:09.901787996 CEST58764312192.185.143.105192.168.2.4
                    May 23, 2024 15:17:10.002594948 CEST58764312192.185.143.105192.168.2.4
                    May 23, 2024 15:17:10.003140926 CEST64312587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:10.004336119 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:10.013463020 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:10.013546944 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:10.672323942 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:10.672744989 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:10.680797100 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:10.872759104 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:10.873032093 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:10.880935907 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:10.998703003 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:11.002553940 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:11.010612011 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:11.137636900 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:11.139303923 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:11.139564991 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:11.142919064 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:11.145880938 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:11.155679941 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:11.159027100 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:11.164433002 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:11.282625914 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:11.287153006 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:11.292237997 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:11.405637980 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:11.406472921 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:11.411544085 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:11.525867939 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:11.526509047 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:11.531984091 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:11.765208006 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:11.765424967 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:11.771644115 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:11.884622097 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:11.884905100 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:11.889893055 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.010660887 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.012155056 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.019284010 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.132543087 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.133994102 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.134109974 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.134222031 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.134313107 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.139709949 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.140254974 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.145612001 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.194118023 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.194174051 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.194205046 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.194232941 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.194231987 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.194262028 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.194272041 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.194288015 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.194291115 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.194303036 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.194319963 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.194339037 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.194348097 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.194375038 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.194376945 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.194386005 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.194405079 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.194423914 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.194433928 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.194454908 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.194469929 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.194523096 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.194578886 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.205986977 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.206047058 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.210963011 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.210992098 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.211019993 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.211019993 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.211045027 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.211050034 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.211064100 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.211114883 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.215786934 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.215840101 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.220586061 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.220616102 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.220643044 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.220647097 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.220668077 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.220670938 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.220695972 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.220698118 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.220724106 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.220726013 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.220748901 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.220753908 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.220776081 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.220782042 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.220803022 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.220808983 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.220829964 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.220849037 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.225357056 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.225388050 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.225414991 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.225415945 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:12.226511955 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.226541996 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.226569891 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.226598024 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.226624966 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.226651907 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.226679087 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.226706028 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.226732969 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.226759911 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.226788044 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.226814032 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.226840973 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.226870060 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.226896048 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.226922989 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.226948977 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.226977110 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.227004051 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.227034092 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.227061033 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.230143070 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.234951973 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.234980106 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.235007048 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.248203993 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.487757921 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:12.684567928 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:19.419008017 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:19.454317093 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:19.563782930 CEST58764313192.185.143.105192.168.2.4
                    May 23, 2024 15:17:19.564408064 CEST64313587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:19.565408945 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:19.575021029 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:19.575530052 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:20.205591917 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:20.205835104 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:20.220541000 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:20.353646994 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:20.359181881 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:20.366559982 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:20.475250006 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:20.479484081 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:20.484596968 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:20.620670080 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:20.622728109 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:20.622833967 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:20.627579927 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:20.628796101 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:20.676676989 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:20.810839891 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:20.813076019 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:20.818229914 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:20.929534912 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:20.933068991 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:20.938797951 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.083518982 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.087317944 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.096491098 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.208025932 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.210681915 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.216387987 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.325083971 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.325303078 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.332843065 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.461936951 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.462251902 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.468177080 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.728105068 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.728475094 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.728545904 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.728607893 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.728712082 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.730436087 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.737324953 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.737387896 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.783462048 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.783514977 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.783544064 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.783636093 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.783654928 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.783663034 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.783688068 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.783709049 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.783727884 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.783736944 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.783755064 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.783765078 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.783785105 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.783792973 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.783817053 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.783821106 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.783842087 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.783873081 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.783873081 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.783900023 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.783917904 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.783952951 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.790359020 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.790415049 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.847600937 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.847675085 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.847678900 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.847708941 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.847733974 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.847796917 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.852144957 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.852247000 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.856990099 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.857018948 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.857044935 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.857053995 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.857070923 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.857083082 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.857125044 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.857146025 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.872420073 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.872490883 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:21.877865076 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.882658958 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.882688999 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.882718086 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.882745028 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.882772923 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.882800102 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.931621075 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:21.931644917 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:22.067301035 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:22.185978889 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:29.531433105 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:29.545619965 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:29.667495012 CEST58764314192.185.143.105192.168.2.4
                    May 23, 2024 15:17:29.668004036 CEST64314587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:29.670514107 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:29.726735115 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:29.726835012 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:30.300381899 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:30.300584078 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:30.305516958 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:30.435539007 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:30.435772896 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:30.491030931 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:30.555094004 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:30.555602074 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:30.560681105 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:30.690963030 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:30.692662954 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:30.694384098 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:30.696180105 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:30.702510118 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:30.744575024 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:30.908611059 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:30.911478043 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:30.916507959 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.051141024 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.053205967 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:31.058271885 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.173125982 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.173496008 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:31.196033955 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.296473980 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.296850920 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:31.301959038 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.427299976 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.435162067 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:31.440237999 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.618089914 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.621361017 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:31.629096031 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.753602982 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.753956079 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:31.753978014 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:31.754051924 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:31.754051924 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:31.759094000 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:31.761007071 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.761101961 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:17:31.770207882 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.770236015 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.770250082 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.770275116 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.770287991 CEST58764315192.185.143.105192.168.2.4
                    May 23, 2024 15:17:31.770320892 CEST64315587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:14.887839079 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:14.892750978 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.002155066 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.002422094 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:15.012108088 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.145827055 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.146044970 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:15.154392004 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.266856909 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.267091990 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:15.276942968 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.401601076 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.402726889 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:15.410062075 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.515208006 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.515630960 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:15.515718937 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:15.515759945 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:15.517021894 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:15.517021894 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:15.521028042 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.521246910 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:15.526020050 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.526026011 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.526035070 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.526038885 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.526047945 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.526051998 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.526061058 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.526065111 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.526072979 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.526169062 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:15.530963898 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.535903931 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.535908937 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.535918951 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.535922050 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.535931110 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.535933971 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.535938025 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.536134005 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:15.541479111 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.546489954 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.546503067 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.546641111 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:15.546675920 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:15.560481071 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561110020 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561114073 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561124086 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561126947 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561131001 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561134100 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561136961 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561140060 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561144114 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561146975 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561150074 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561157942 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561161995 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561172962 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561177015 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561188936 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561197042 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561201096 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561203957 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561212063 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.561216116 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.568845987 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.573870897 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.573875904 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.838562012 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:15.981210947 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:36.064848900 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:36.069871902 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:36.177439928 CEST58764320192.185.143.105192.168.2.4
                    May 23, 2024 15:18:36.177946091 CEST64320587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:36.181119919 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:36.232536077 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:36.232647896 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:36.761584997 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:36.761774063 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:36.766722918 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:36.877219915 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:36.877370119 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:36.882445097 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.004580021 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.005064964 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:37.009957075 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.136159897 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.137310028 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.137375116 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:37.140901089 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.140918970 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.140978098 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:37.142182112 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:37.192214012 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.192326069 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:37.198566914 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.303345919 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.304217100 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:37.309307098 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.419867992 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.420135975 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:37.425461054 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.537884951 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.538737059 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:37.543674946 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.774812937 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.775104046 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:37.780981064 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.903587103 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:37.905661106 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:37.959409952 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.032196045 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.035100937 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:38.040163040 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.150158882 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.178091049 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:38.178091049 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:38.178164005 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:38.178164005 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:38.183078051 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.191582918 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.196270943 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:38.201373100 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.201383114 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.201519012 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:38.206228018 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.206235886 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.206245899 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.206249952 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.206253052 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.206262112 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.206264973 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.206268072 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.206275940 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.206322908 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:38.206360102 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:38.212131023 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.212219954 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:38.219984055 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.219993114 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.219996929 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.220000982 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.220117092 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:38.220153093 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:38.224777937 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.224801064 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.225275040 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:38.229604006 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229613066 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229621887 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229625940 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229634047 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229638100 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229646921 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229650974 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229657888 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229661942 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229670048 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229672909 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229676008 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229680061 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229684114 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229688883 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229696035 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229698896 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229707956 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.229721069 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:38.234384060 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.234391928 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.234395981 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.234399080 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.234406948 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.234411001 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.234419107 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.234422922 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.234433889 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.239203930 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.239212990 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.239223957 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.239227057 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.291393995 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.524033070 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:38.574997902 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:46.679604053 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:46.684587955 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:46.797693014 CEST58764321192.185.143.105192.168.2.4
                    May 23, 2024 15:18:46.802598953 CEST64321587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:46.815246105 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:46.856707096 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:46.856797934 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:47.419329882 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:47.419615984 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:47.424557924 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:47.538628101 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:47.538777113 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:47.544224024 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:47.654336929 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:47.654767036 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:47.659971952 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:47.784867048 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:47.785772085 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:47.789613962 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:47.789659023 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:47.827295065 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:47.876352072 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:47.981647968 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:47.983257055 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:47.988286018 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:48.096546888 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:48.097074032 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:48.102560997 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:48.213695049 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:48.279258013 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:48.351258039 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:48.356393099 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:48.466984034 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:48.487433910 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:48.492403030 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:48.615417004 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:48.615710020 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:48.620687008 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:48.742269039 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:48.965714931 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:49.907417059 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:49.961122036 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.068026066 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.068587065 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.068674088 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.068710089 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.068850994 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.070636034 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.073664904 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.073724031 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.078607082 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.078619003 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.078627110 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.078636885 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.078663111 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.078670979 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.078679085 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.078685999 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.078691006 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.078695059 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.078702927 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.078711033 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.078774929 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.078800917 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.083293915 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.083340883 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.088121891 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.088131905 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.088139057 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.088150024 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.088157892 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.088165998 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.088169098 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.088175058 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.088182926 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.088192940 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.088207960 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.088238955 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.088238955 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.088275909 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.092880964 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.092952013 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.097683907 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.097697973 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.097706079 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.097709894 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.097712994 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.097716093 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.097729921 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.097737074 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.097738028 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.097747087 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.097755909 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.097755909 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.097767115 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:50.102634907 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.151374102 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.151391983 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.151395082 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.151398897 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.151401997 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.151411057 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.151418924 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.151426077 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.151434898 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.151443005 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.151465893 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.383413076 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:50.481372118 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:59.854729891 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:59.859761000 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:59.967170954 CEST58764322192.185.143.105192.168.2.4
                    May 23, 2024 15:18:59.967688084 CEST64322587192.168.2.4192.185.143.105
                    May 23, 2024 15:18:59.968872070 CEST64323587192.168.2.4192.185.143.105
                    May 23, 2024 15:19:00.024697065 CEST58764323192.185.143.105192.168.2.4
                    May 23, 2024 15:19:00.024806976 CEST64323587192.168.2.4192.185.143.105
                    May 23, 2024 15:19:00.560369015 CEST58764323192.185.143.105192.168.2.4
                    May 23, 2024 15:19:00.560921907 CEST64323587192.168.2.4192.185.143.105
                    May 23, 2024 15:19:00.604724884 CEST58764323192.185.143.105192.168.2.4
                    May 23, 2024 15:19:00.714767933 CEST58764323192.185.143.105192.168.2.4
                    May 23, 2024 15:19:00.714947939 CEST64323587192.168.2.4192.185.143.105
                    May 23, 2024 15:19:00.719842911 CEST58764323192.185.143.105192.168.2.4
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    May 23, 2024 15:14:57.248487949 CEST | 59451 | 53 | 192.168.2.4 | 1.1.1.1
                    May 23, 2024 15:14:57.258470058 CEST | 53 | 59451 | 1.1.1.1 | 192.168.2.4
                    May 23, 2024 15:14:58.164367914 CEST | 61153 | 53 | 192.168.2.4 | 1.1.1.1
                    May 23, 2024 15:14:58.210863113 CEST | 53 | 61153 | 1.1.1.1 | 192.168.2.4
                    May 23, 2024 15:14:59.859242916 CEST | 57528 | 53 | 192.168.2.4 | 1.1.1.1
                    May 23, 2024 15:15:00.108640909 CEST | 53 | 57528 | 1.1.1.1 | 192.168.2.4
                    May 23, 2024 15:15:17.925806046 CEST | 53 | 64854 | 1.1.1.1 | 192.168.2.4
                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                    May 23, 2024 15:14:57.248487949 CEST | 192.168.2.4 | 1.1.1.1 | 0x8ea | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
                    May 23, 2024 15:14:58.164367914 CEST | 192.168.2.4 | 1.1.1.1 | 0xfddc | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
                    May 23, 2024 15:14:59.859242916 CEST | 192.168.2.4 | 1.1.1.1 | 0x714b | Standard query (0) | mail.alitextile.com | A (IP address) | IN (0x0001) | false
                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                    May 23, 2024 15:14:57.258470058 CEST | 1.1.1.1 | 192.168.2.4 | 0x8ea | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
                    May 23, 2024 15:14:57.258470058 CEST | 1.1.1.1 | 192.168.2.4 | 0x8ea | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
                    May 23, 2024 15:14:57.258470058 CEST | 1.1.1.1 | 192.168.2.4 | 0x8ea | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
                    May 23, 2024 15:14:58.210863113 CEST | 1.1.1.1 | 192.168.2.4 | 0xfddc | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false
                    May 23, 2024 15:15:00.108640909 CEST | 1.1.1.1 | 192.168.2.4 | 0x714b | No error (0) | mail.alitextile.com | | 192.185.143.105 | A (IP address) | IN (0x0001) | false
                    • api.ipify.org
                    • ip-api.com
                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.4 | 49733 | 208.95.112.1 | 80 | 6972 | C:\Users\user\Desktop\PO_23052024.exe
                    Timestamp | Bytes transferred | Direction | Data
                    May 23, 2024 15:14:58.218795061 CEST | 80 | OUT | GET /line/?fields=hosting HTTP/1.1
                    Host: ip-api.com
                    Connection: Keep-Alive
                    May 23, 2024 15:14:58.720228910 CEST | 175 | IN | HTTP/1.1 200 OK
                    Date: Thu, 23 May 2024 13:14:57 GMT
                    Content-Type: text/plain; charset=utf-8
                    Content-Length: 6
                    Access-Control-Allow-Origin: *
                    X-Ttl: 60
                    X-Rl: 44
                    Data Raw: 66 61 6c 73 65 0a
                    Data Ascii: false


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.4 | 49732 | 104.26.12.205 | 443 | 6972 | C:\Users\user\Desktop\PO_23052024.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-05-23 13:14:57 UTC | 155 | OUT | GET / HTTP/1.1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                    Host: api.ipify.org
                    Connection: Keep-Alive
                    2024-05-23 13:14:58 UTC | 211 | IN | HTTP/1.1 200 OK
                    Date: Thu, 23 May 2024 13:14:58 GMT
                    Content-Type: text/plain
                    Content-Length: 12
                    Connection: close
                    Vary: Origin
                    CF-Cache-Status: DYNAMIC
                    Server: cloudflare
                    CF-RAY: 88854fe08e5d8c45-EWR
                    2024-05-23 13:14:58 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35
                    Data Ascii: 8.46.123.175


                    Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
                    May 23, 2024 15:15:00.707441092 CEST | 587 | 49734 | 192.185.143.105 | 192.168.2.4 | 220-cutlass.websitewelcome.com ESMTP Exim 4.96.2 #2 Thu, 23 May 2024 08:15:00 -0500
                    220-We do not authorize the use of this system to transport unsolicited,
                    220 and/or bulk e-mail.
                    May 23, 2024 15:15:00.707745075 CEST | 49734 | 587 | 192.168.2.4 | 192.185.143.105 | EHLO 715575
                    May 23, 2024 15:15:00.825196981 CEST | 587 | 49734 | 192.185.143.105 | 192.168.2.4 | 250-cutlass.websitewelcome.com Hello 715575 [8.46.123.175]
                    250-SIZE 52428800
                    250-8BITMIME
                    250-PIPELINING
                    250-PIPECONNECT
                    250-AUTH PLAIN LOGIN
                    250-STARTTLS
                    250 HELP
                    May 23, 2024 15:15:00.825453043 CEST | 49734 | 587 | 192.168.2.4 | 192.185.143.105 | STARTTLS
                    May 23, 2024 15:15:00.942614079 CEST | 587 | 49734 | 192.185.143.105 | 192.168.2.4 | 220 TLS go ahead


                    Target ID: 0
                    Start time: 09:14:53
                    Start date: 23/05/2024
                    Path: C:\Users\user\Desktop\PO_23052024.exe
                    Wow64 process (32bit): true
                    Commandline: "C:\Users\user\Desktop\PO_23052024.exe"
                    Imagebase: 0xfc0000
                    File size: 924'168 bytes
                    MD5 hash: 23626A822AFB45C288ACF9FABBEF5AD1
                    Has elevated privileges: true
                    Has administrator privileges: true
                    Programmed in: C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1653270109.0000000004469000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1653270109.0000000004469000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1653270109.00000000046D6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1653270109.00000000046D6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    Reputation: low
                    Has exited: true

                    Target ID: 1
                    Start time: 09:14:55
                    Start date: 23/05/2024
                    Path: C:\Users\user\Desktop\PO_23052024.exe
                    Wow64 process (32bit): true
                    Commandline: "C:\Users\user\Desktop\PO_23052024.exe"
                    Imagebase: 0xcb0000
                    File size: 924'168 bytes
                    MD5 hash: 23626A822AFB45C288ACF9FABBEF5AD1
                    Has elevated privileges: true
                    Has administrator privileges: true
                    Programmed in: C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.4100635153.000000000320D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.4098049822.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.4098049822.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    Reputation: low
                    Has exited: false


                      Execution Graph

                      Execution Coverage: 8.7%
                      Dynamic/Decrypted Code Coverage: 100%
                      Signature Coverage: 0%
                      Total number of Nodes: 52
                      Total number of Limit Nodes: 9

                      Control-flow Graph

                      APIs
                      • GetCurrentProcess.KERNEL32 ref: 0172D4D6
                      • GetCurrentThread.KERNEL32 ref: 0172D513
                      • GetCurrentProcess.KERNEL32 ref: 0172D550
                      • GetCurrentThreadId.KERNEL32 ref: 0172D5A9
                      Memory Dump Source
                      • Source File: 00000000.00000002.1652365295.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_1720000_PO_23052024.jbxd
                      Similarity
                      • API ID: Current$ProcessThread
                      • String ID:
                      • API String ID: 2063062207-0
                      • Opcode ID: 3418dd0a61c50525161301accaffebfc26b68cc01318fd61b7da8f1530679773
                      • Instruction ID: 0c6b0c7fa16e56a887623d75faee6d5121dc92dc2195942fe8b733c2de155e8b
                      • Opcode Fuzzy Hash: 3418dd0a61c50525161301accaffebfc26b68cc01318fd61b7da8f1530679773
                      • Instruction Fuzzy Hash: B95157B09002198FDB14DFAAD548BDEBBF1EF88304F248469E419BB260DB749945CF65

                      Control-flow Graph

                      APIs
                      • GetCurrentProcess.KERNEL32 ref: 0172D4D6
                      • GetCurrentThread.KERNEL32 ref: 0172D513
                      • GetCurrentProcess.KERNEL32 ref: 0172D550
                      • GetCurrentThreadId.KERNEL32 ref: 0172D5A9
                      Memory Dump Source
                      • Source File: 00000000.00000002.1652365295.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_1720000_PO_23052024.jbxd
                      Similarity
                      • API ID: Current$ProcessThread
                      • String ID:
                      • API String ID: 2063062207-0
                      • Opcode ID: e31787c35a0eda0fdd44378b740b7d9eb5c272468b8a4ab212cc4c3d67b3adc3
                      • Instruction ID: 911d067e919e346a46b8ac31f2b8c326975ed7a12fe5b76b9db28328078f7ce3
                      • Opcode Fuzzy Hash: e31787c35a0eda0fdd44378b740b7d9eb5c272468b8a4ab212cc4c3d67b3adc3
                      • Instruction Fuzzy Hash: 5B5128B09002198FDB14DFAAD548B9EFBF1FB88314F20C459E419BB260DB749945CF65

                      Control-flow Graph

                      APIs
                      • GetModuleHandleW.KERNELBASE(00000000), ref: 0172B01E
                      Memory Dump Source
                      • Source File: 00000000.00000002.1652365295.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_1720000_PO_23052024.jbxd
                      Similarity
                      • API ID: HandleModule
                      • String ID:
                      • API String ID: 4139908857-0
                      • Opcode ID: 59e2bc769e6fbeb171efd6c11e069abddaf475e8c276a23b6eae0046ab116219
                      • Instruction ID: 010ac09e75d7f666cd0475db51a1c944698aebfd258eebc22e71e16791824ba5
                      • Opcode Fuzzy Hash: 59e2bc769e6fbeb171efd6c11e069abddaf475e8c276a23b6eae0046ab116219
                      • Instruction Fuzzy Hash: 04712270A00B158FEB24DF29D44575ABBF1FF88304F108A2DD48ADBA50DB75E84ACB91

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      APIs
                      • CreateActCtxA.KERNEL32(?), ref: 017259C9
                      Memory Dump Source
                      • Source File: 00000000.00000002.1652365295.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_1720000_PO_23052024.jbxd
                      Similarity
                      • API ID: Create
                      • String ID:
                      • API String ID: 2289755597-0
                      • Opcode ID: e19f3b2a5e72fcfb3bb464b858b7a929ff01cbd8203afa505cef31c9d65581b8
                      • Instruction ID: b85272d53a87c68e97cbbd1278766cd626335443260e7798503f67e38ffbf4b3
                      • Opcode Fuzzy Hash: e19f3b2a5e72fcfb3bb464b858b7a929ff01cbd8203afa505cef31c9d65581b8
                      • Instruction Fuzzy Hash: A441E0B0C00629CFDB24CFAAC885ADDBBB5BF49304F24806AD409AB255DBB55946CF90

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      APIs
                      • CreateActCtxA.KERNEL32(?), ref: 017259C9
                      Memory Dump Source
                      • Source File: 00000000.00000002.1652365295.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_1720000_PO_23052024.jbxd
                      Similarity
                      • API ID: Create
                      • String ID:
                      • API String ID: 2289755597-0
                      • Opcode ID: 4f9ef82e6440675bd419321c81adc37b0c143da5d266a0a6c06e04ce354dec5c
                      • Instruction ID: 956403e2fb3cd15d0e5d822036009f47c2788ac0471d6c9d2395a89b90b68087
                      • Opcode Fuzzy Hash: 4f9ef82e6440675bd419321c81adc37b0c143da5d266a0a6c06e04ce354dec5c
                      • Instruction Fuzzy Hash: 0A41E1B0D00729CBDB24DFAAC844BDDBBB5BF49304F24806AD408AB255DBB55946CF90

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      APIs
                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0172D727
                      Memory Dump Source
                      • Source File: 00000000.00000002.1652365295.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_1720000_PO_23052024.jbxd
                      Similarity
                      • API ID: DuplicateHandle
                      • String ID:
                      • API String ID: 3793708945-0
                      • Opcode ID: 2f1fe26bbda0db152ff3bbcf914382d162f7a6e8a0479fc5c0fb3fe631fccac7
                      • Instruction ID: e71d2b2d27c45b894eed85bdb4c7a69d2ed2efcad8741b5f89d8e035599f2e29
                      • Opcode Fuzzy Hash: 2f1fe26bbda0db152ff3bbcf914382d162f7a6e8a0479fc5c0fb3fe631fccac7
                      • Instruction Fuzzy Hash: CC21E3B59002589FDB10CFAAD584ADEFFF5EB48320F14841AE954A7310D378A945CFA4

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      APIs
                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0172D727
                      Memory Dump Source
                      • Source File: 00000000.00000002.1652365295.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_1720000_PO_23052024.jbxd
                      Similarity
                      • API ID: DuplicateHandle
                      • String ID:
                      • API String ID: 3793708945-0
                      • Opcode ID: 5517a095cc6e66343da5724b506b79b9a0e8a4a35292b76ea992bb3f3d70a44b
                      • Instruction ID: 14732f92349d2e147677b72161af0be004c3c3c2425fa68f2b6bfbd415cc16f3
                      • Opcode Fuzzy Hash: 5517a095cc6e66343da5724b506b79b9a0e8a4a35292b76ea992bb3f3d70a44b
                      • Instruction Fuzzy Hash: A021C4B59002589FDB10CF9AD584ADEFFF4EB48310F14841AE954A7350D378A954CFA5

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      APIs
                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0172B099,00000800,00000000,00000000), ref: 0172B2AA
                      Memory Dump Source
                      • Source File: 00000000.00000002.1652365295.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_1720000_PO_23052024.jbxd
                      Similarity
                      • API ID: LibraryLoad
                      • String ID:
                      • API String ID: 1029625771-0
                      • Opcode ID: 025fc7d7533d65db7d591349e69bc8f1afebc275047c3bc043a58f30d529899f
                      • Instruction ID: 70fff56a51d65b6342199b2f4c775b89c00fa54b4efa8d8669c4d323e8cf85c9
                      • Opcode Fuzzy Hash: 025fc7d7533d65db7d591349e69bc8f1afebc275047c3bc043a58f30d529899f
                      • Instruction Fuzzy Hash: 231123B69043198FDB20CF9AC444BDEFBF4EB89320F10842AE519AB210C375A945CFA4

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      APIs
                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0172B099,00000800,00000000,00000000), ref: 0172B2AA
                      Memory Dump Source
                      • Source File: 00000000.00000002.1652365295.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_1720000_PO_23052024.jbxd
                      Similarity
                      • API ID: LibraryLoad
                      • String ID:
                      • API String ID: 1029625771-0
                      • Opcode ID: 6298193b769281ab7f6bcefc6107d707d7a6e14d53250b97e2a53c62164c0b1b
                      • Instruction ID: f18021614d655ed7cffc5242597b38dcf78e3541cc1b9461f17a1cd1a87c0967
                      • Opcode Fuzzy Hash: 6298193b769281ab7f6bcefc6107d707d7a6e14d53250b97e2a53c62164c0b1b
                      • Instruction Fuzzy Hash: 4D2114B69043598FDB20CFAAD884BDEFBF4EB88310F14842AD459A7210C375A546CFA5

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      APIs
                      • GetModuleHandleW.KERNELBASE(00000000), ref: 0172B01E
                      Memory Dump Source
                      • Source File: 00000000.00000002.1652365295.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_1720000_PO_23052024.jbxd
                      Similarity
                      • API ID: HandleModule
                      • String ID:
                      • API String ID: 4139908857-0
                      • Opcode ID: f3eb78995c7d7326054a213dc6242a26f9c57d3775b1f0bb5bec1430e52c6a18
                      • Instruction ID: aeb5dbb61b86bb292ee07c7d3984a6e88bfcbb28d83095c5c3b5a4dc309b1198
                      • Opcode Fuzzy Hash: f3eb78995c7d7326054a213dc6242a26f9c57d3775b1f0bb5bec1430e52c6a18
                      • Instruction Fuzzy Hash: AC1110B5C003598FDB20CF9AD444BDEFBF4EB88324F14842AD528A7210D379A545CFA1

                      Execution Graph

                      Execution Coverage:12.1%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:2.2%
                      Total number of Nodes:270
                      Total number of Limit Nodes:24
                      APIs
                      • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 02FB7F47
                      Memory Dump Source
                      • Source File: 00000001.00000002.4100120865.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_2fb0000_PO_23052024.jbxd
                      Similarity
                      • API ID: CheckDebuggerPresentRemote
                      • String ID:
                      • API String ID: 3662101638-0
                      • Opcode ID: 6a9c11688cdda982a77891a32d73e695157b33d4a4e00594f42f9f1c7207aa1e
                      • Instruction ID: 798e3dbccd901786f617adda6a9f6e5bc3c31439c0c165c102307271dc22ee74
                      • Opcode Fuzzy Hash: 6a9c11688cdda982a77891a32d73e695157b33d4a4e00594f42f9f1c7207aa1e
                      • Instruction Fuzzy Hash: B32145B2901259CFCB10CF9AD484BEEFBF4AF49320F14846AE458A3350D738A944CFA4
                      APIs
                      • SetWindowsHookExA.USER32(0000000D,00000000,?,?,?,?,?,?,?,?,?,06EE5278,00000000,00000000), ref: 06EE532B
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110178544.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6ee0000_PO_23052024.jbxd
                      Similarity
                      • API ID: HookWindows
                      • String ID:
                      • API String ID: 2559412058-0
                      • Opcode ID: 054ca36bd4672e3eca80374774859fb7c0c06ce76baa3ac040a6c2d7b283cfbd
                      • Instruction ID: 1c07a4d177d6d1f472f8efb483469b4259e787d6621cc283ce21facc66928af0
                      • Opcode Fuzzy Hash: 054ca36bd4672e3eca80374774859fb7c0c06ce76baa3ac040a6c2d7b283cfbd
                      • Instruction Fuzzy Hash: 292147B1D002098FCB54CF9AC848BEEFBF4EB88314F10842AE459A7350D775A944CFA5

                      Control-flow Graph

                      control_flow_graph 451 6ee1a78-6ee1a90 452 6ee1a99-6ee1b27 GetCurrentProcess 451->452 453 6ee1a92-6ee1a96 451->453 457 6ee1b29-6ee1b2f 452->457 458 6ee1b30-6ee1b64 GetCurrentThread 452->458 453->452 457->458 459 6ee1b6d-6ee1ba1 GetCurrentProcess 458->459 460 6ee1b66-6ee1b6c 458->460 462 6ee1baa-6ee1bc5 call 6ee1c76 459->462 463 6ee1ba3-6ee1ba9 459->463 460->459 466 6ee1bcb-6ee1bfa GetCurrentThreadId 462->466 463->462 467 6ee1bfc-6ee1c02 466->467 468 6ee1c03-6ee1c65 466->468 467->468
                      APIs
                      • GetCurrentProcess.KERNEL32 ref: 06EE1B16
                      • GetCurrentThread.KERNEL32 ref: 06EE1B53
                      • GetCurrentProcess.KERNEL32 ref: 06EE1B90
                      • GetCurrentThreadId.KERNEL32 ref: 06EE1BE9
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110178544.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6ee0000_PO_23052024.jbxd
                      Similarity
                      • API ID: Current$ProcessThread
                      • String ID:
                      • API String ID: 2063062207-0
                      • Opcode ID: c75cc43b75b90d3b77751a43d2b6860ca0a91ac86e216be069681d181592e38e
                      • Instruction ID: ada52a0eb41b5727b3428a6b8e0714a2205967133719b13380f13a731ad3fb00
                      • Opcode Fuzzy Hash: c75cc43b75b90d3b77751a43d2b6860ca0a91ac86e216be069681d181592e38e
                      • Instruction Fuzzy Hash: 955164B0D00749CFDB44DFAAD948BEEBBF1AF49314F248069E009AB361D7349984CB65

                      Control-flow Graph

                      control_flow_graph 475 6ee1a98-6ee1b27 GetCurrentProcess 480 6ee1b29-6ee1b2f 475->480 481 6ee1b30-6ee1b64 GetCurrentThread 475->481 480->481 482 6ee1b6d-6ee1ba1 GetCurrentProcess 481->482 483 6ee1b66-6ee1b6c 481->483 485 6ee1baa-6ee1bc5 call 6ee1c76 482->485 486 6ee1ba3-6ee1ba9 482->486 483->482 489 6ee1bcb-6ee1bfa GetCurrentThreadId 485->489 486->485 490 6ee1bfc-6ee1c02 489->490 491 6ee1c03-6ee1c65 489->491 490->491
                      APIs
                      • GetCurrentProcess.KERNEL32 ref: 06EE1B16
                      • GetCurrentThread.KERNEL32 ref: 06EE1B53
                      • GetCurrentProcess.KERNEL32 ref: 06EE1B90
                      • GetCurrentThreadId.KERNEL32 ref: 06EE1BE9
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110178544.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6ee0000_PO_23052024.jbxd
                      Similarity
                      • API ID: Current$ProcessThread
                      • String ID:
                      • API String ID: 2063062207-0
                      • Opcode ID: 5d6ecec3e5b5adc8adeef363240126ef08e9929993fb67cce2969bf28ac83b8d
                      • Instruction ID: b2a3fc20bef3d4f8e11fecff7061823c15a50def39c09a08b8ce7c75bcecf659
                      • Opcode Fuzzy Hash: 5d6ecec3e5b5adc8adeef363240126ef08e9929993fb67cce2969bf28ac83b8d
                      • Instruction Fuzzy Hash: 1E5132B0D00749CFDB54DFAAD948BDEBBF1AB48318F248069E019A7364DB349984CF65

                      Control-flow Graph

                      control_flow_graph 498 6ee1a97-6ee1b27 GetCurrentProcess 502 6ee1b29-6ee1b2f 498->502 503 6ee1b30-6ee1b64 GetCurrentThread 498->503 502->503 504 6ee1b6d-6ee1ba1 GetCurrentProcess 503->504 505 6ee1b66-6ee1b6c 503->505 507 6ee1baa-6ee1bc5 call 6ee1c76 504->507 508 6ee1ba3-6ee1ba9 504->508 505->504 511 6ee1bcb-6ee1bfa GetCurrentThreadId 507->511 508->507 512 6ee1bfc-6ee1c02 511->512 513 6ee1c03-6ee1c65 511->513 512->513
                      APIs
                      • GetCurrentProcess.KERNEL32 ref: 06EE1B16
                      • GetCurrentThread.KERNEL32 ref: 06EE1B53
                      • GetCurrentProcess.KERNEL32 ref: 06EE1B90
                      • GetCurrentThreadId.KERNEL32 ref: 06EE1BE9
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110178544.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6ee0000_PO_23052024.jbxd
                      Similarity
                      • API ID: Current$ProcessThread
                      • String ID:
                      • API String ID: 2063062207-0
                      • Opcode ID: 7ba1a0bad050d9ddc7065ba0f9d59b3c4795a249d5898d7e8d2022b8e9e82430
                      • Instruction ID: 1205c7ba9b0ff66a7023a5ac165851cf5e88e8dde638f415b603f0caaf6eb595
                      • Opcode Fuzzy Hash: 7ba1a0bad050d9ddc7065ba0f9d59b3c4795a249d5898d7e8d2022b8e9e82430
                      • Instruction Fuzzy Hash: 4A5130B0D00749CFDB44DFAAD948BDEBBF1AB48318F248069E019A7364DB349984CF65

                      Control-flow Graph

                      control_flow_graph 2019 6e8be40-6e8be4b 2020 6e8be4d-6e8be74 call 6e86530 2019->2020 2021 6e8be75-6e8be94 call 6e8653c 2019->2021 2027 6e8be9a-6e8bed2 2021->2027 2028 6e8be96-6e8be99 2021->2028 2033 6e8beda 2027->2033 2034 6e8bed4-6e8bed9 2027->2034 2035 6e8bedc 2033->2035 2036 6e8bee2-6e8bef9 2033->2036 2034->2033 2037 6e8bede 2035->2037 2038 6e8bf56-6e8bf8c GlobalMemoryStatusEx 2035->2038 2044 6e8befb-6e8befe 2036->2044 2045 6e8beff-6e8bf54 2036->2045 2042 6e8bf8e-6e8bf94 2038->2042 2043 6e8bf95-6e8bfbd 2038->2043 2042->2043 2045->2038
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110123401.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6e80000_PO_23052024.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ccabf15fba9bcc3edaef2ac4c5b73438c418dbf1f9f0738613613f8d972a1916
                      • Instruction ID: eb0c117e5834b8475f022c2e509f1ea57a8339544ef11d03257d003ef9ebd315
                      • Opcode Fuzzy Hash: ccabf15fba9bcc3edaef2ac4c5b73438c418dbf1f9f0738613613f8d972a1916
                      • Instruction Fuzzy Hash: 23412371E043998FCB14DFB9D80429EBFF1EF89310F1485AAE508A7651DB349845CBD1
                      APIs
                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06E8F6EA
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110123401.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6e80000_PO_23052024.jbxd
                      Similarity
                      • API ID: CreateWindow
                      • String ID:
                      • API String ID: 716092398-0
                      • Opcode ID: b58721f686e751385d58201951d012ac8338e383c76a0eee15d14ac86d31de4e
                      • Instruction ID: fffab9d9135cc83d04320047041370a06ff6405f779dd50cf8d36fe77e85c858
                      • Opcode Fuzzy Hash: b58721f686e751385d58201951d012ac8338e383c76a0eee15d14ac86d31de4e
                      • Instruction Fuzzy Hash: 0B41E1B1D10309DFDB14DFAAC984ADEBBB5FF48354F24812AE418AB250D775A841CF90
                      APIs
                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06E8F6EA
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110123401.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6e80000_PO_23052024.jbxd
                      Similarity
                      • API ID: CreateWindow
                      • String ID:
                      • API String ID: 716092398-0
                      • Opcode ID: fafde1e8bef6cd6018a8c778039bb7f0672b360cca985f25ef70d336488fd9a8
                      • Instruction ID: 5968fbb1a8e3d672fab0d8d25cfbd4f1e3e4478404885fe3f73528b8a9564175
                      • Opcode Fuzzy Hash: fafde1e8bef6cd6018a8c778039bb7f0672b360cca985f25ef70d336488fd9a8
                      • Instruction Fuzzy Hash: 6441E0B1D10309DFDB14CFA9C984ADEBBB5BF48304F24822AE418AB250D7759881CF90
                      APIs
                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 06EE2C31
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110178544.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6ee0000_PO_23052024.jbxd
                      Similarity
                      • API ID: CallProcWindow
                      • String ID:
                      • API String ID: 2714655100-0
                      • Opcode ID: 43ef8b5c16387ddb0daf4e72f6ff0df9270f8a0b41e53133e6549e701980ca24
                      • Instruction ID: cfe06f720945439cc6cf1ba5fc65b303f7721062a654f7cb5e74318b58ab5a86
                      • Opcode Fuzzy Hash: 43ef8b5c16387ddb0daf4e72f6ff0df9270f8a0b41e53133e6549e701980ca24
                      • Instruction Fuzzy Hash: 1C412BB5A00309CFDB54CF59C488A9ABBF5FB49314F14C459D519AB325D734E941CFA0
                      APIs
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110178544.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6ee0000_PO_23052024.jbxd
                      Similarity
                      • API ID: Clipboard
                      • String ID:
                      • API String ID: 220874293-0
                      • Opcode ID: ed436abffbf676d70595af7d388205d51cdc49fa9fa7ae8000921a852b315600
                      • Instruction ID: f4f6a8b57615cda4b854af82edfc8fa6c04fdebb227cc2ee6d1bd5d3fd797620
                      • Opcode Fuzzy Hash: ed436abffbf676d70595af7d388205d51cdc49fa9fa7ae8000921a852b315600
                      • Instruction Fuzzy Hash: 2A31F0B4D01349EFDB10CFA9C984BCEBBF5AF48308F248019E404AB394DB756885CBA5
                      APIs
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110178544.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6ee0000_PO_23052024.jbxd
                      Similarity
                      • API ID: Clipboard
                      • String ID:
                      • API String ID: 220874293-0
                      • Opcode ID: dc25acc2bcf197f9dc6286411224644cde7d4ef04739564e512631509c77f400
                      • Instruction ID: 237a14ed3b0cb0b5d521d3fe3e77ddc39949eb0bfa80bdb5dba2fc3208d4b90d
                      • Opcode Fuzzy Hash: dc25acc2bcf197f9dc6286411224644cde7d4ef04739564e512631509c77f400
                      • Instruction Fuzzy Hash: A131E0B0D01348DFDB14CF99C984BCEBBF5AF48304F248019E408AB394DB756985CBA5
                      APIs
                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06EE1D67
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110178544.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6ee0000_PO_23052024.jbxd
                      Similarity
                      • API ID: DuplicateHandle
                      • String ID:
                      • API String ID: 3793708945-0
                      • Opcode ID: 4a0517822d68978566fc90056e01ccca588e385d434e3a3f910bfe2e90fbe2d0
                      • Instruction ID: e7b868697bff3b08ade7e992b6ca78f32e4fcc57fc5b239c7f7364467433af35
                      • Opcode Fuzzy Hash: 4a0517822d68978566fc90056e01ccca588e385d434e3a3f910bfe2e90fbe2d0
                      • Instruction Fuzzy Hash: A82105B5D003589FDB10CFAAD984ADEBFF8EB48320F14805AE954A7351C374A990CFA1
                      APIs
                      • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 02FB7F47
                      Memory Dump Source
                      • Source File: 00000001.00000002.4100120865.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_2fb0000_PO_23052024.jbxd
                      Similarity
                      • API ID: CheckDebuggerPresentRemote
                      • String ID:
                      • API String ID: 3662101638-0
                      • Opcode ID: 448a2a952b5ce911035926753b2bed1770e238c25f064fc4af595526b590bc3a
                      • Instruction ID: efbdaa212ad97fab25fe3462c06074037f59abcc56b648da45a80dcdd3e120c3
                      • Opcode Fuzzy Hash: 448a2a952b5ce911035926753b2bed1770e238c25f064fc4af595526b590bc3a
                      • Instruction Fuzzy Hash: 602166B2D012598FCB10CF9AC484BEEFBF4AF49320F14846AE458A7351D338A944CFA0
                      APIs
                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06EE1D67
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110178544.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6ee0000_PO_23052024.jbxd
                      Similarity
                      • API ID: DuplicateHandle
                      • String ID:
                      • API String ID: 3793708945-0
                      • Opcode ID: e33e34446644e06df945b1996eee75740fef44ee7361489f32b6d97e333c5e4e
                      • Instruction ID: ae7321825914d7ef0a76a6a8f69b8e8ef78e07159d951c16859f9a434da0db25
                      • Opcode Fuzzy Hash: e33e34446644e06df945b1996eee75740fef44ee7361489f32b6d97e333c5e4e
                      • Instruction Fuzzy Hash: AE21C4B5D003589FDB10CFAAD984ADEBFF8EB48314F14841AE954A7350D374A944CFA5
                      APIs
                      • SetWindowsHookExA.USER32(0000000D,00000000,?,?,?,?,?,?,?,?,?,06EE5278,00000000,00000000), ref: 06EE532B
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110178544.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6ee0000_PO_23052024.jbxd
                      Similarity
                      • API ID: HookWindows
                      • String ID:
                      • API String ID: 2559412058-0
                      • Opcode ID: 5ef93e749f82215113ad949e3f9ee0bdb010ced0a07cfd99f2c84de58511cf5f
                      • Instruction ID: 40bf8c8d98ff0eb93fab256806e349a95623fc1576db247ae6afda2112f2183a
                      • Opcode Fuzzy Hash: 5ef93e749f82215113ad949e3f9ee0bdb010ced0a07cfd99f2c84de58511cf5f
                      • Instruction Fuzzy Hash: A92147B5D002098FCB54CFA9D848BEEFBF5AB88314F10842AE459A7350C775A940CFA4
                      APIs
                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,00000000,?,06EEC751,00000800), ref: 06EEC7E2
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110178544.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6ee0000_PO_23052024.jbxd
                      Similarity
                      • API ID: LibraryLoad
                      • String ID:
                      • API String ID: 1029625771-0
                      • Opcode ID: b79d439bdef5e7b4fd1d2a90e5197f5c12305b7ee0bae67503ec53749f322baf
                      • Instruction ID: 1a9cf4ff54b666cf0503e0490d7530a7354527b1b2939a9d23c31a24f6313805
                      • Opcode Fuzzy Hash: b79d439bdef5e7b4fd1d2a90e5197f5c12305b7ee0bae67503ec53749f322baf
                      • Instruction Fuzzy Hash: 901147B6D003498FCB10CFAAC844ADEFBF4AB48714F14841ED428A7200C374A544CFA0
                      APIs
                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,00000000,?,06EEC751,00000800), ref: 06EEC7E2
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110178544.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6ee0000_PO_23052024.jbxd
                      Similarity
                      • API ID: LibraryLoad
                      • String ID:
                      • API String ID: 1029625771-0
                      • Opcode ID: f2a1e25e0e80c331756480999323b9d574144c3b620c9b9ca60bd22fddb8ca7b
                      • Instruction ID: 765614406b291571c96beb190437674508018ba610f4efa3b7346f76106389fb
                      • Opcode Fuzzy Hash: f2a1e25e0e80c331756480999323b9d574144c3b620c9b9ca60bd22fddb8ca7b
                      • Instruction Fuzzy Hash: 2D1114B6D003498FDB20CFAAC484ADEFBF4EB48714F10842EE529A7250C375A545CFA4
                      APIs
                      • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,06E8BE92), ref: 06E8BF7F
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110123401.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6e80000_PO_23052024.jbxd
                      Similarity
                      • API ID: GlobalMemoryStatus
                      • String ID:
                      • API String ID: 1890195054-0
                      • Opcode ID: 06607083f13c7a1e95d36bb36e51fc1b12d92ad077b78518b8c378a346814d95
                      • Instruction ID: 90637a9d3fa44fdaeec6868134fa2a4cb45f448c2f2b990d69bb1869d3100a06
                      • Opcode Fuzzy Hash: 06607083f13c7a1e95d36bb36e51fc1b12d92ad077b78518b8c378a346814d95
                      • Instruction Fuzzy Hash: 391122B1C002599FCB10DF9AC944B9EFBF4EB08324F14852AE818A7241D378A940CFE5
                      APIs
                      • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,06E8BE92), ref: 06E8BF7F
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110123401.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6e80000_PO_23052024.jbxd
                      Similarity
                      • API ID: GlobalMemoryStatus
                      • String ID:
                      • API String ID: 1890195054-0
                      • Opcode ID: f55675f793db02e8bfc33082baeda73065af2db3293ee314e9a6eb43730c9bd9
                      • Instruction ID: 7a2e6afb93b0709d0e3c0e107f80ebeb50736d824be90e8682f0044fa21f7e4c
                      • Opcode Fuzzy Hash: f55675f793db02e8bfc33082baeda73065af2db3293ee314e9a6eb43730c9bd9
                      • Instruction Fuzzy Hash: 8D1117B5C002599FCB10DF9AC5447DEFBB4EF48324F14816AE418B7641D378A945CFA5
                      APIs
                      • GetModuleHandleW.KERNELBASE(00000000), ref: 06E8E596
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110123401.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6e80000_PO_23052024.jbxd
                      Similarity
                      • API ID: HandleModule
                      • String ID:
                      • API String ID: 4139908857-0
                      • Opcode ID: 3fb70a913afa096831a4e544e738c5826ab8a95020826a983a80c419f1ccf1f9
                      • Instruction ID: d30ad7828873dbd5996a24a71e42e0d01f3d2c2c3d7c6637c88935a5332ff442
                      • Opcode Fuzzy Hash: 3fb70a913afa096831a4e544e738c5826ab8a95020826a983a80c419f1ccf1f9
                      • Instruction Fuzzy Hash: 6C1120B5C003488FDB20DF9AC444ADEFBF4AB49314F10842AD458B7210D374A545CFA0
                      APIs
                      • OleInitialize.OLE32(00000000), ref: 06EE37D5
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110178544.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6ee0000_PO_23052024.jbxd
                      Similarity
                      • API ID: Initialize
                      • String ID:
                      • API String ID: 2538663250-0
                      • Opcode ID: 32e8288095596a383dac924c9fff0d2d98f53bfc6b1329f48804e42ebd4b360c
                      • Instruction ID: fbd584a15673d0d6a1e9fdb418ab2d8ccf9cde56a7f63a947259809e7dfcc9de
                      • Opcode Fuzzy Hash: 32e8288095596a383dac924c9fff0d2d98f53bfc6b1329f48804e42ebd4b360c
                      • Instruction Fuzzy Hash: A4112EB5900348CFCB20DF9AC588B9EBBF4EB48324F20845AE558A7650C379A940CFA4
                      APIs
                      • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,?,?,?,06EE2E85), ref: 06EE2F0F
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110178544.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6ee0000_PO_23052024.jbxd
                      Similarity
                      • API ID: CallbackDispatcherUser
                      • String ID:
                      • API String ID: 2492992576-0
                      • Opcode ID: 1dec7c2fd5ec33655ae265030a363a61f75fa0246ccd548572181065b4ad117b
                      • Instruction ID: afc0b9aa3a862aa5cc1928fa203858eb29bdfba8f8759f0f3acaa5b13d651265
                      • Opcode Fuzzy Hash: 1dec7c2fd5ec33655ae265030a363a61f75fa0246ccd548572181065b4ad117b
                      • Instruction Fuzzy Hash: 4F1106B5800348CFCB60DF99C489BDEBBF8EB49324F208459D559A7350D375A944CFA5
                      APIs
                      • OleInitialize.OLE32(00000000), ref: 06EE37D5
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110178544.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6ee0000_PO_23052024.jbxd
                      Similarity
                      • API ID: Initialize
                      • String ID:
                      • API String ID: 2538663250-0
                      • Opcode ID: a3f1eb210e86194978d3304e96a8c254b9b9de0e0b578d3ecfc3b3f1bc1f660c
                      • Instruction ID: 1bc2801f7bdfed6b36e93799d948496459ad708d98c1915d0f4a7b27f972cac1
                      • Opcode Fuzzy Hash: a3f1eb210e86194978d3304e96a8c254b9b9de0e0b578d3ecfc3b3f1bc1f660c
                      • Instruction Fuzzy Hash: BB1103B5900348CFDB20CFAAD588BDEBFF4AB48328F14845AE558A7750C339A544CFA4
                      APIs
                      • GetModuleHandleW.KERNELBASE(00000000), ref: 06E8E596
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110123401.0000000006E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E80000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6e80000_PO_23052024.jbxd
                      Similarity
                      • API ID: HandleModule
                      • String ID:
                      • API String ID: 4139908857-0
                      • Opcode ID: 0057e5bec679266ad1db40c5f1a9bd1380c00d46d23731724dcc2e9b30f1b016
                      • Instruction ID: 1320577a955b44a60f946f2746cf579bb882d00946570446b5bb26d064dcde78
                      • Opcode Fuzzy Hash: 0057e5bec679266ad1db40c5f1a9bd1380c00d46d23731724dcc2e9b30f1b016
                      • Instruction Fuzzy Hash: 1111DCB6C003498EDB20DF9AD948ADEFBF4AB48324F14842AD469B7610D379A545CFA1
                      APIs
                      • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,?,?,?,06EE2E85), ref: 06EE2F0F
                      Memory Dump Source
                      • Source File: 00000001.00000002.4110178544.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_6ee0000_PO_23052024.jbxd
                      Similarity
                      • API ID: CallbackDispatcherUser
                      • String ID:
                      • API String ID: 2492992576-0
                      • Opcode ID: 266792cecd892edfc4e61b4f16bb7bff8ece9ab8548ab7d9497e8233428e9b84
                      • Instruction ID: 0ce9ec90bf2d35294a73b4b375077979f55bd00f5b3ec23d80561132f07d015a
                      • Opcode Fuzzy Hash: 266792cecd892edfc4e61b4f16bb7bff8ece9ab8548ab7d9497e8233428e9b84
                      • Instruction Fuzzy Hash: 5E11FEB5800248CFCB20CF99C988BDEBBF4AB48324F24845AD559A7250D378A944CFA4
                      Memory Dump Source
                      • Source File: 00000001.00000002.4099890905.0000000002E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E2D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_2e2d000_PO_23052024.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1900f6bbbd2d9ae73031a01a0b31e6f75beec10f225a313c86198aa3ac430311
                      • Instruction ID: 89e2893aef042d2d66ea05e6b60c07d5cd1d0ff8461b75a28133d5ded6b3470b
                      • Opcode Fuzzy Hash: 1900f6bbbd2d9ae73031a01a0b31e6f75beec10f225a313c86198aa3ac430311
                      • Instruction Fuzzy Hash: 97212971544204DFDB14DF14CDC4F26BB66FB88318F24C56DEA4A4B361C736D84ACA61
                      Memory Dump Source
                      • Source File: 00000001.00000002.4099890905.0000000002E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E2D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_2e2d000_PO_23052024.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2c70146c91fdf5b43c214505ea2519cea7e4b3c6a9e79975dd79800d991ddc91
                      • Instruction ID: a24633b8f8b0237f42e5959d532857ab07d657196f10087e602f7a7f86029ee6
                      • Opcode Fuzzy Hash: 2c70146c91fdf5b43c214505ea2519cea7e4b3c6a9e79975dd79800d991ddc91
                      • Instruction Fuzzy Hash: 1F215772584244DFDB01DF14DDC4B6AFBA5FB84328F20C669EA4F4B245C37AD84ACA61
                      Memory Dump Source
                      • Source File: 00000001.00000002.4099890905.0000000002E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E2D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_2e2d000_PO_23052024.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9f34096b38c3b648888631b0b968dc131b53bf251c02dbd972bbf5d1f8061303
                      • Instruction ID: 2030916d85114c602c07ca67f04656f967ae890fafbf16e48b6baed3abc72a14
                      • Opcode Fuzzy Hash: 9f34096b38c3b648888631b0b968dc131b53bf251c02dbd972bbf5d1f8061303
                      • Instruction Fuzzy Hash: 8A212671584204DFDB08DF14DDC4B26BBA5FB84318F20C56DDA0B4B296C376E84ACA61
                      Memory Dump Source
                      • Source File: 00000001.00000002.4099890905.0000000002E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E2D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_2e2d000_PO_23052024.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                      • Instruction ID: a324789c9882cc5e64816d2f6a8ef0e5dac72cc67cdac4f2e5fa2968f700e715
                      • Opcode Fuzzy Hash: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                      • Instruction Fuzzy Hash: F311B276544284CFDB12CF14D9C4B56FFA1FB84328F24C6AADD4A4B656C33AD40ACB51
                      Memory Dump Source
                      • Source File: 00000001.00000002.4099890905.0000000002E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E2D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_2e2d000_PO_23052024.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                      • Instruction ID: 0dde9dc2b43e4992da45731776a0325337166aff00250ca50d52df50ed8ad3cc
                      • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                      • Instruction Fuzzy Hash: E211DD75544280CFDB09CF10D9C4B15BFB2FB84318F24C6AAD94A4B256C33AE40ACBA1
                      Memory Dump Source
                      • Source File: 00000001.00000002.4099890905.0000000002E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E2D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_2e2d000_PO_23052024.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                      • Instruction ID: b60ea346c9f0cc8033fc314f6dde76fa91df2924bed2c1c603244cd4b738ba98
                      • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                      • Instruction Fuzzy Hash: BE11D075544244CFCB15CF10C9C4B16BF62FB44318F28C6A9D94A4B662C33AD84ACF61