Windows Analysis Report
hesaphareketi-015232024.SCR.exe

Overview

General Information

Sample name: hesaphareketi-015232024.SCR.exe
Analysis ID: 1446506
MD5: 14f0b309c14c5f5e75c9a1d95967318b
SHA1: baa09246339d936e19328dcca98c527a8af9cb5c
SHA256: 415dc24924ada536128e601b4372a72dd6d6e566e3b49c3c79a5b6dde7b702cf
Tags: exe
Infos:

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: RegAsm connects to smtp port
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to log keystrokes (.Net Source)
Installs a global keyboard hook
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • hesaphareketi-015232024.SCR.exe (PID: 2444 cmdline: "C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe" MD5: 14F0B309C14C5F5E75C9A1D95967318B)
    • RegAsm.exe (PID: 2796 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution:
  • SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "tqpas.com", "Username": "muratserbes@tqpas.com", "Password": "Ot939393!"}
Source | Rule | Description | Author | Strings
00000002.00000002.3734809898.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000002.00000002.3734809898.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000002.00000002.3744691064.0000000002AEB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000002.00000002.3744691064.0000000002AEB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000000.00000002.1273273213.0000000003619000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

Source | Rule | Description | Author | Strings
2.2.RegAsm.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
2.2.RegAsm.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
2.2.RegAsm.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen
  • 0x33525:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x33597:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x33621:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x336b3:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x3371d:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x3378f:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x33825:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x338b5:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.hesaphareketi-015232024.SCR.exe.37a6860.4.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.2.hesaphareketi-015232024.SCR.exe.37a6860.4.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

Networking

Source: Network Connection, Author: Joe Security, Data: DestinationIp: 91.235.116.231, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Initiated: true, ProcessId: 2796, Protocol: tcp, SourceIp: 192.168.2.9, SourceIsIpv6: false, SourcePort: 49709

System Summary

Source: Network Connection, Author: frack113, Data: DestinationIp: 91.235.116.231, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: , Initiated: true, ProcessId: , Protocol: tcp, SourceIp: 192.168.2.9, SourceIsIpv6: false, SourcePort: 49741
No Snort rule has matched

AV Detection

Source: hesaphareketi-015232024.SCR.exe, Avira: detected
Source: 2.2.RegAsm.exe.400000.0.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "tqpas.com", "Username": "muratserbes@tqpas.com", "Password": "Ot939393!"}
Source: hesaphareketi-015232024.SCR.exe, ReversingLabs: Detection: 39%
Source: hesaphareketi-015232024.SCR.exe, Virustotal: Detection: 44%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: hesaphareketi-015232024.SCR.exe, Joe Sandbox ML: detected
Source: hesaphareketi-015232024.SCR.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.9:49706 version: TLS 1.2
Source: hesaphareketi-015232024.SCR.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\GT350\source\repos\AtllasRunp\AtllasRunp\obj\Debug\Bienvenida.pdb source: hesaphareketi-015232024.SCR.exe, 00000000.00000002.1273201762.0000000002611000.00000004.00000800.00020000.00000000.sdmp, hesaphareketi-015232024.SCR.exe, 00000000.00000002.1274573419.0000000004F10000.00000004.08000000.00040000.00000000.sdmp
Source: global traffic, TCP traffic: 192.168.2.9:49709 -> 91.235.116.231:587
Source: Joe Sandbox View, IP Address: 91.235.116.231
Source: Joe Sandbox View, IP Address: 172.67.74.152
Source: Joe Sandbox View, ASN Name: THCPROJECTSRO
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, DNS query: name: api.ipify.org
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0, Host: api.ipify.org, Connection: Keep-Alive
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: api.ipify.org
Source: global traffic, DNS traffic detected: DNS query: tqpas.com
Source: RegAsm.exe (multiple memory dumps), String found in binary or memory: http://r3.i.lencr.org/0
Source: RegAsm.exe (multiple memory dumps), String found in binary or memory: http://r3.o.lencr.org0
Source: RegAsm.exe, 00000002.00000002.3744691064.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: RegAsm.exe (multiple memory dumps), String found in binary or memory: http://tqpas.com
Source: RegAsm.exe (multiple memory dumps), String found in binary or memory: http://x1.c.lencr.org/0
Source: RegAsm.exe (multiple memory dumps), String found in binary or memory: http://x1.i.lencr.org/0
Source: hesaphareketi-015232024.SCR.exe, 00000000.00000002.1273273213.0000000003619000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3734809898.0000000000402000.00000040.00000400.00020000.00000000.sdmp, String found in binary or memory: https://account.dyn.com/
Source: hesaphareketi-015232024.SCR.exe, 00000000.00000002.1273273213.0000000003619000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3734809898.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.3744691064.0000000002AA1000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://api.ipify.org
Source: unknown, Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49706

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 0.2.hesaphareketi-015232024.SCR.exe.37a6860.4.raw.unpack, gmBpn1ecBmQ.cs, .Net Code: CTkvi7Udc0s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Windows user hook set: 0 keyboard low level C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Window created: window name: CLIPBRDWNDCLASS
Source: hesaphareketi-015232024.SCR.exe, 00000000.00000002.1273273213.0000000003619000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: GetRawInputData, memstr_36e5cc57-7

System Summary

Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.hesaphareketi-015232024.SCR.exe.37a6860.4.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.hesaphareketi-015232024.SCR.exe.37a6860.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.hesaphareketi-015232024.SCR.exe.3663180.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.hesaphareketi-015232024.SCR.exe.36acdb0.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: hesaphareketi-015232024.SCR.exe, 00000000.00000002.1271708067.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs hesaphareketi-015232024.SCR.exe
Source: hesaphareketi-015232024.SCR.exe, 00000000.00000002.1273273213.0000000003619000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameSoftwareGame.dll: vs hesaphareketi-015232024.SCR.exe
Source: hesaphareketi-015232024.SCR.exe, 00000000.00000002.1273273213.0000000003619000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename4686de04-aad7-4ef3-a8cb-bdd3c6994f7d.exe4 vs hesaphareketi-015232024.SCR.exe
Source: hesaphareketi-015232024.SCR.exe, 00000000.00000002.1273201762.0000000002611000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameBienvenida.exe6 vs hesaphareketi-015232024.SCR.exe
Source: hesaphareketi-015232024.SCR.exe, 00000000.00000002.1273201762.0000000002611000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename4686de04-aad7-4ef3-a8cb-bdd3c6994f7d.exe4 vs hesaphareketi-015232024.SCR.exe
Source: hesaphareketi-015232024.SCR.exe, 00000000.00000002.1274573419.0000000004F10000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameBienvenida.exe6 vs hesaphareketi-015232024.SCR.exe
Source: hesaphareketi-015232024.SCR.exe, 00000000.00000002.1271292995.00000000006F8000.00000004.00000010.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameUNKNOWN_FILET vs hesaphareketi-015232024.SCR.exe
Source: hesaphareketi-015232024.SCR.exe, Binary or memory string: OriginalFilenameCheckGroup.exe6 vs hesaphareketi-015232024.SCR.exe
Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.hesaphareketi-015232024.SCR.exe.37a6860.4.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.hesaphareketi-015232024.SCR.exe.37a6860.4.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.hesaphareketi-015232024.SCR.exe.3663180.3.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.hesaphareketi-015232024.SCR.exe.36acdb0.2.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: hesaphareketi-015232024.SCR.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.hesaphareketi-015232024.SCR.exe.4da0000.5.raw.unpack, Level.cs, Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.hesaphareketi-015232024.SCR.exe.3663180.3.raw.unpack, Level.cs, Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.hesaphareketi-015232024.SCR.exe.36acdb0.2.raw.unpack, Level.cs, Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.hesaphareketi-015232024.SCR.exe.37a6860.4.raw.unpack, roEs93G.cs, Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.hesaphareketi-015232024.SCR.exe.37a6860.4.raw.unpack, JQn0Aia1.cs, Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.hesaphareketi-015232024.SCR.exe.37a6860.4.raw.unpack, JQn0Aia1.cs, Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.2.hesaphareketi-015232024.SCR.exe.37a6860.4.raw.unpack, YsrmZ97b.cs, Cryptographic APIs: 'TransformFinalBlock'
Source: classification engine, Classification label: mal100.spre.troj.spyw.evad.winEXE@3/1@2/2
Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\hesaphareketi-015232024.SCR.exe.log
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Mutant created: NULL
Source: hesaphareketi-015232024.SCR.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: RegAsm.exe, 00000002.00000002.3748385053.0000000005CEA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: select * from Win32_OperatingSystem);
                    Source: hesaphareketi-015232024.SCR.exe ReversingLabs: Detection: 39%
                    Source: hesaphareketi-015232024.SCR.exe Virustotal: Detection: 44%
                    Source: unknown Process created: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe "C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe"
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: version.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: gpapi.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Section loaded: dwrite.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: mscoree.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: apphelp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: aclayers.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: mpr.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: sfc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: sfc_os.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: kernel.appcore.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: version.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: uxtheme.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: windows.storage.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: wldp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: profapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: cryptsp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: rsaenh.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: cryptbase.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: wbemcomn.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: amsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: userenv.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: sspicli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: rasapi32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: rasman.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: rtutils.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: mswsock.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: winhttp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: iphlpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: dhcpcsvc6.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: dhcpcsvc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: dnsapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: winnsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: rasadhlp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: fwpuclnt.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: secur32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: schannel.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: mskeyprotect.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: ntasn1.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: ncrypt.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: ncryptsslp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: msasn1.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: gpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: vaultcli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: wintypes.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: edputil.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: windowscodecs.dll
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: hesaphareketi-015232024.SCR.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: hesaphareketi-015232024.SCR.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\GT350\source\repos\AtllasRunp\AtllasRunp\obj\Debug\Bienvenida.pdb source: hesaphareketi-015232024.SCR.exe, 00000000.00000002.1273201762.0000000002611000.00000004.00000800.00020000.00000000.sdmp, hesaphareketi-015232024.SCR.exe, 00000000.00000002.1274573419.0000000004F10000.00000004.08000000.00040000.00000000.sdmp

                    Data Obfuscation

                    Source: hesaphareketi-015232024.SCR.exe, PluginTranslate.cs .Net Code: LoadAndDecryptAssembly System.Reflection.Assembly.Load(byte[])
                    Source: hesaphareketi-015232024.SCR.exe Static PE information: 0xA95F84AF [Sat Jan 17 23:56:31 2060 UTC]
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 2_2_00CC0C6D push edi; retf 2_2_00CC0C7A
                    Source: hesaphareketi-015232024.SCR.exe Static PE information: section name: .text entropy: 7.9565006816864505
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match File source: Process Memory Space: hesaphareketi-015232024.SCR.exe PID: 2444, type: MEMORYSTR
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Memory allocated: 2410000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Memory allocated: 2610000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Memory allocated: CC0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Memory allocated: 2AA0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Memory allocated: 26E0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Window / User API: threadDelayed 7280
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Window / User API: threadDelayed 2578
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe TID: 1700 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7460 Thread sleep time: -29514790517935264s >= -30000s
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: RegAsm.exe, 00000002.00000002.3748493743.0000000005D10000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Process information queried: ProcessInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: 0.2.hesaphareketi-015232024.SCR.exe.4f10000.6.raw.unpack, QJDLGErGwGLnDsDTGnUfx.cs Reference to suspicious API methods: MyGetProcAddress(hProcess, Name)
                    Source: 0.2.hesaphareketi-015232024.SCR.exe.4f10000.6.raw.unpack, QJDLGErGwGLnDsDTGnUfx.cs Reference to suspicious API methods: LoadLibraryA(ref name)
                    Source: 0.2.hesaphareketi-015232024.SCR.exe.37a6860.4.raw.unpack, eFaPC.cs Reference to suspicious API methods: uegqtUwBmt.OpenProcess(zwYjuxQUnSG.DuplicateHandle, bInheritHandle: true, (uint)fAFQ.ProcessID)
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Queries volume information: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe VolumeInformation
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match | File source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.hesaphareketi-015232024.SCR.exe.37a6860.4.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.hesaphareketi-015232024.SCR.exe.37a6860.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.hesaphareketi-015232024.SCR.exe.3663180.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.hesaphareketi-015232024.SCR.exe.36acdb0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000002.00000002.3734809898.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000002.00000002.3744691064.0000000002AEB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.1273273213.0000000003619000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: hesaphareketi-015232024.SCR.exe PID: 2444, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: RegAsm.exe PID: 2796, type: MEMORYSTR
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                    Remote Access Functionality

                    Source: Yara match | File source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.hesaphareketi-015232024.SCR.exe.37a6860.4.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.hesaphareketi-015232024.SCR.exe.37a6860.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.hesaphareketi-015232024.SCR.exe.3663180.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 0.2.hesaphareketi-015232024.SCR.exe.36acdb0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000002.00000002.3734809898.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000002.00000002.3744691064.0000000002AEB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.1273273213.0000000003619000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: hesaphareketi-015232024.SCR.exe PID: 2444, type: MEMORYSTR
                    Source: Yara match | File source: Process Memory Space: RegAsm.exe PID: 2796, type: MEMORYSTR

                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | 211 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | 1 Credentials in Registry | 111 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 1 Process Discovery | Distributed Component Object Model | 211 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 141 Virtualization/Sandbox Evasion | SSH | 1 Clipboard Data | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Masquerading | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 141 Virtualization/Sandbox Evasion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

                    Source | Detection | Scanner | Label
                    hesaphareketi-015232024.SCR.exe | 39% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                    hesaphareketi-015232024.SCR.exe | 45% | Virustotal |
                    hesaphareketi-015232024.SCR.exe | 100% | Avira | HEUR/AGEN.1308640
                    hesaphareketi-015232024.SCR.exe | 100% | Joe Sandbox ML |

                    No Antivirus matches
                    No Antivirus matches

                    Source | Detection | Scanner | Label
                    api.ipify.org | 1% | Virustotal |
                    tqpas.com | 1% | Virustotal |

                    Source | Detection | Scanner | Label
                    https://api.ipify.org/ | 0% | URL Reputation | safe
                    http://r3.o.lencr.org0 | 0% | URL Reputation | safe
                    https://api.ipify.org | 0% | URL Reputation | safe
                    https://account.dyn.com/ | 0% | URL Reputation | safe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
                    http://x1.c.lencr.org/0 | 0% | URL Reputation | safe
                    http://x1.i.lencr.org/0 | 0% | URL Reputation | safe
                    http://r3.i.lencr.org/0 | 0% | URL Reputation | safe
                    http://tqpas.com | 0% | Avira URL Cloud | safe
                    http://tqpas.com | 1% | Virustotal |

                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    api.ipify.org | 172.67.74.152 | true | false | | unknown
                    tqpas.com | 91.235.116.231 | true | true | | unknown

                    Name | Malicious | Antivirus Detection | Reputation
                    https://api.ipify.org/ | false | URL Reputation: safe | unknown

                    Name | Source | Malicious | Antivirus Detection | Reputation
                    http://r3.o.lencr.org0 | RegAsm.exe | false | URL Reputation: safe | unknown
                    https://api.ipify.org | hesaphareketi-015232024.SCR.exe, RegAsm.exe | false | URL Reputation: safe | unknown
                    https://account.dyn.com/ | hesaphareketi-015232024.SCR.exe, RegAsm.exe | false | URL Reputation: safe | unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | RegAsm.exe | false | URL Reputation: safe | unknown
                    http://x1.c.lencr.org/0 | RegAsm.exe | false | URL Reputation: safe | unknown
                    http://x1.i.lencr.org/0 | RegAsm.exe | false | URL Reputation: safe | unknown
                    http://tqpas.com | RegAsm.exe | false | 1%, Virustotal; Avira URL Cloud: safe | unknown
                    http://r3.i.lencr.org/0 | RegAsm.exe | false | URL Reputation: safe | unknown

                    IP | Domain | Country | ASN | ASN Name | Malicious
                    91.235.116.231 | tqpas.com | Romania | 51177 | THCPROJECTSRO | true
                    172.67.74.152 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false

                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1446506
                    Start date and time:2024-05-23 15:14:10 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 8m 17s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:19
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:hesaphareketi-015232024.SCR.exe
                    Detection:MAL
                    Classification:mal100.spre.troj.spyw.evad.winEXE@3/1@2/2
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 99%
                    • Number of executed functions: 69
                    • Number of non-executed functions: 3
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.

                    Time | Type | Description
                    09:14:57 | API Interceptor | 10964138x Sleep call for process: RegAsm.exe modified

                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    91.235.116.231 | Order Details89654.doc | malicious | AgentTesla, zgRAT | rgkkzna.com/okc.exe
                    91.235.116.231 | RFQs.doc | malicious | Unknown | rgkkzna.com/okc.exe
                    91.235.116.231 | http://www.expressfreightshippingcompany.com/ | malicious | Unknown | www.expressfreightshippingcompany.com/icons/icons.svg
                    91.235.116.231 | #Uc678#Ud654#Uc1a1#Uae08#Ud655#Uc778#Uc11cGLJ20210219.xlsx | malicious | Unknown | lowes-ca.org/Img/AZZ.exe
                    91.235.116.231 | PROFORMA INVOICE.xlsx | malicious | Unknown | lowes-ca.org/Img/VAI.exe
                    172.67.74.152 | K8mzlntJVN.msi | malicious | Unknown | api.ipify.org/
                    172.67.74.152 | stub.exe | malicious | Unknown | api.ipify.org/
                    172.67.74.152 | stub.exe | malicious | Unknown | api.ipify.org/
                    172.67.74.152 | Sonic-Glyder.exe | malicious | Stealit | api.ipify.org/?format=json
                    172.67.74.152 | Sky-Beta.exe | malicious | Unknown | api.ipify.org/?format=json
                    172.67.74.152 | Sky-Beta.exe | malicious | Unknown | api.ipify.org/?format=json
                    172.67.74.152 | Sky-Beta-Setup.exe | malicious | Stealit | api.ipify.org/?format=json
                    172.67.74.152 | Sky-Beta.exe | malicious | Stealit | api.ipify.org/?format=json
                    172.67.74.152 | SongOfVikings.exe | malicious | Unknown | api.ipify.org/?format=json
                    172.67.74.152 | SongOfVikings.exe | malicious | Unknown | api.ipify.org/?format=json

                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    tqpas.com | hesaphareketi-05222025.exe | malicious | AgentTesla | 91.235.116.231
                    tqpas.com | 59c4c7e95c9549234661cc0c3a33de39958df413f3a408f3385e69fd669228fb_payload.exe | malicious | AgentTesla | 91.235.116.231
                    tqpas.com | hesaphareketi-01-5202024.exe | malicious | AgentTesla | 91.235.116.231
                    tqpas.com | hesaphareket_1715688000.exe | malicious | AgentTesla | 91.235.116.231
                    api.ipify.org | rPurchaseOrderPO05232024.exe | malicious | AgentTesla, GuLoader | 104.26.13.205
                    api.ipify.org | ASCD0001 INQ9829......pdf.exe | malicious | AgentTesla | 104.26.13.205
                    api.ipify.org | http://t.co/COiSlB3Tom | malicious | HTMLPhisher | 104.26.12.205
                    api.ipify.org | Zam#U00f3w nr 90016288247_ ZNG_1406_MG_2024_004782922.pdf.exe | malicious | AgentTesla | 104.26.13.205
                    api.ipify.org | NEW ORDER.exe | malicious | AgentTesla | 104.26.13.205
                    api.ipify.org | pro-forma invoice.xlsm.exe | malicious | AgentTesla, PureLog Stealer | 172.67.74.152
                    api.ipify.org | Order PS24S0040.exe | malicious | AgentTesla, PureLog Stealer | 172.67.74.152
                    api.ipify.org | https://greettive-tke-783743.pages.dev/help/contact/95094729232531 | malicious | Unknown | 104.26.12.205
                    api.ipify.org | 948209184.xlam.xlsx | malicious | AgentTesla | 172.67.74.152
                    api.ipify.org | DHL Delivery Invoice.exe | malicious | AgentTesla | 172.67.74.152

                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    THCPROJECTSRO | hesaphareketi-05222025.exe | malicious | AgentTesla | 91.235.116.231
                    THCPROJECTSRO | 59c4c7e95c9549234661cc0c3a33de39958df413f3a408f3385e69fd669228fb_payload.exe | malicious | AgentTesla | 91.235.116.231
                    THCPROJECTSRO | Aluminium_Oxide00980000.pdf.exe | malicious | AgentTesla | 91.235.116.231
                    THCPROJECTSRO | hesaphareketi-01-5202024.exe | malicious | AgentTesla | 91.235.116.231
                    THCPROJECTSRO | hesaphareket_1715688000.exe | malicious | AgentTesla | 91.235.116.231
                    THCPROJECTSRO | yTsIrrO40Q.exe | malicious | AgentTesla | 91.235.116.231
                    THCPROJECTSRO | rScanedP.O.pdf.exe | malicious | AgentTesla | 91.235.116.231
                    THCPROJECTSRO | rScaned_Product_Attached_Document.pdf.exe | malicious | AgentTesla, PureLog Stealer | 91.235.116.180
                    THCPROJECTSRO | rCompany_Profile.pdf.exe | malicious | AgentTesla, PureLog Stealer | 91.235.116.180
                    THCPROJECTSRO | DEKONT.pdf.exe | malicious | AgentTesla, PureLog Stealer | 91.235.116.180
                    CLOUDFLARENETUS | ORDEM DE COMPRA.exe | malicious | Snake Keylogger | 188.114.97.3
                    CLOUDFLARENETUS | http://chocolatefashiononline.com | malicious | Unknown | 104.19.178.52
                    CLOUDFLARENETUS | rPurchaseOrderPO05232024.exe | malicious | AgentTesla, GuLoader | 104.26.13.205
                    CLOUDFLARENETUS | https://lnk.sk/mzoy | malicious | Unknown | 172.67.176.2
                    CLOUDFLARENETUS | https://lnk.sk/twr3 | malicious | Unknown | 104.21.48.17
                    CLOUDFLARENETUS | COMMANDE.EXE.exe | malicious | DBatLoader, FormBook | 104.21.5.109
                    CLOUDFLARENETUS | t3h7DNer1Q.exe | malicious | AsyncRAT, DcRat | 104.16.185.241
                    CLOUDFLARENETUS | https://docs.google.com/forms/d/e/1FAIpQLSeRYIPr_Xs8SxtWD9VaAhgsz9aibS_bijyTwdbidiIQ4ngVlQ/viewform?embedded=true&entry.1325074572=http%3A%2F%2Fr.smtp.euro-symbiose.fr%2Ftr%2Fcl%2Fqrjz6G3WMajAukEuXu-N0Qebu__8ljHwQjs84-vbNFkstMs8BrqGB6auM8cV52vdc-z8kda-O1XzLDMdp-o1VJ_xiAbOzr9v5pxwTGj0Dst_LdwxxKSPofjHdg7nt8IDlgUJ3uTEcfUBoqUeYZ1z6UfsaMJ-LJXtWMT4Mwb9atjObh_1JANJ5jvL-GurRI94WpyXTvnXhmqNG1ThqZzYQSaX5jfeHHDV6kb8kSgWbW5xuXgTilqIdc91eM30NL2GhrRlNADqergaHf7cyAh4WnSBK&entry.731640200=build-verify+URL%3A+build+UrlParams%3A+build-verify+URL%3A+get+URL%3A+decrypt%3A+base64+decode%3A+illegal+base64+data+at+input+byte+280 | malicious | Unknown | 1.1.1.1
                    CLOUDFLARENETUS | RE Fasthosts - Payment Failed.eml | malicious | Outlook Phishing, HTMLPhisher | 104.18.10.14
                    CLOUDFLARENETUS | https://url.uk.m.mimecastprotect.com/s/pk4ACO8rYSq23vcE1w2J | malicious | Unknown | 188.114.97.3
                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    3b5074b1b5d032e5620f69f9f700ff0eORDEM DE COMPRA.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 172.67.74.152
                    rPurchaseOrderPO05232024.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                    • 172.67.74.152
                    ASCD0001 INQ9829......pdf.exeGet hashmaliciousAgentTeslaBrowse
                    • 172.67.74.152
                    Invoice.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 172.67.74.152
                    msimg32.dllGet hashmaliciousRemcosBrowse
                    • 172.67.74.152
                    https://url10.mailanyone.net/scanner?m=1s9Mri-0007hx-3T&d=4%7Cmail%2F90%2F1716287400%2F1s9Mri-0007hx-3T%7Cin10g%7C57e1b682%7C12862802%7C10019077%7C664C7952D245399BD4B163183C53C253&o=%2Fphte%3A%2Fdtsseedrontec.iuconsctomat%2Fku.&s=X3gWuPbJRU1Tmui7Qt2w30qEumEGet hashmaliciousHTMLPhisherBrowse
                    • 172.67.74.152
                    INVOICE.jsGet hashmaliciousAgentTeslaBrowse
                    • 172.67.74.152
                    Zam#U00f3w nr 90016288247_ ZNG_1406_MG_2024_004782922.pdf.exeGet hashmaliciousAgentTeslaBrowse
                    • 172.67.74.152
                    NEW ORDER.exeGet hashmaliciousAgentTeslaBrowse
                    • 172.67.74.152
                    dfzesJIgdr.exeGet hashmaliciousRedLine, VidarBrowse
                    • 172.67.74.152
                    No context
                    Process: C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe
                    File Type: ASCII text, with CRLF line terminators
                    Category: dropped
                    Size (bytes): 1119
                    Entropy (8bit): 5.345080863654519
                    Encrypted: false
                    SSDEEP: 24:MLUE4K5E4KH1qE4qpAE4KzecKDE4KhKiKhPKIE4oKNzKorE4j:MIHK5HKH1qHmAHKzecYHKh3oPtHo6THj
                    MD5: 1C6FD9CD428504CC2BA9F307F214A0D2
                    SHA1: E07FC69DB2B137B7FF850BD7715B19FD14BBF7EF
                    SHA-256: 9364B7760F41CE9F4C3C0CB90578417011E3BB34D3F8565E74347E4EC5020E3A
                    SHA-512: 7ABF849B2905F7467B6CA1F5DA784199619ED52355253FE0490BC55100312D60FCCB9613B6AE0A762BB05813896057EE32AD0C60C2B2D5F24DB64F03272E293D
                    Malicious: false
                    Reputation: low
                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\S
                    File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Entropy (8bit): 7.943263651555134
                    TrID:
                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    • Win32 Executable (generic) a (10002005/4) 49.75%
                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                    • Windows Screen Saver (13104/52) 0.07%
                    • Generic Win/DOS Executable (2004/3) 0.01%
                    File name: hesaphareketi-015232024.SCR.exe
                    File size: 329'216 bytes
                    MD5: 14f0b309c14c5f5e75c9a1d95967318b
                    SHA1: baa09246339d936e19328dcca98c527a8af9cb5c
                    SHA256: 415dc24924ada536128e601b4372a72dd6d6e566e3b49c3c79a5b6dde7b702cf
                    SHA512: 7e8e8b92b9d3f55a105de154fdb1e468fa3e6bc73c21eef2495ba22ee0522e15dca490b1c1210b83ab2ed876f67c34efcde8ca72375a695ba69d9237ecaa5d30
                    SSDEEP: 6144:bJHFcDmiIr2baLQ+axLyAPuBthKaOUn1ajxPiFLUunarm5pL5Yzmwn3Wrgmi:hFKmX29+axg48gjxILLvpVE3tZ
                    TLSH: 9F64126A6768DB72C0B90BF7CE35C4860BA97A655222F2742BC5644A4CB3F395D3CF40
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....._...............0.................. ... ....@.. .......................`............@................................
                    Icon Hash: 00928e8e8686b000
                    Entrypoint: 0x451a9e
                    Entrypoint Section: .text
                    Digitally signed: false
                    Imagebase: 0x400000
                    Subsystem: windows gui
                    Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Time Stamp: 0xA95F84AF [Sat Jan 17 23:56:31 2060 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major: 4
                    OS Version Minor: 0
                    File Version Major: 4
                    File Version Minor: 0
                    Subsystem Version Major: 4
                    Subsystem Version Minor: 0
                    Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
                    Instruction
                    jmp dword ptr [00402000h]
                    Name | Virtual Address | Virtual Size | Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x51a44 | 0x57 | .text
                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0x5b6 | .rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x54000 | 0xc | .reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                    .text | 0x2000 | 0x4faa4 | 0x4fc00 | d5109d32fe0d5a719fb6d6e3082bc2fa | False | 0.9503024588557993 | data | 7.9565006816864505 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .rsrc | 0x52000 | 0x5b6 | 0x600 | 1819bf104364855a3cf8da27eef47702 | False | 0.419921875 | data | 4.108950182265055 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .reloc | 0x54000 | 0xc | 0x200 | 407e18f88ad05f6ac5450625662c823d | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                    RT_VERSION | 0x520a0 | 0x32c | data | | | 0.42610837438423643
                    RT_MANIFEST | 0x523cc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                    DLL | Import
                    mscoree.dll | _CorExeMain
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    May 23, 2024 15:16:44.453319073 CEST49718587192.168.2.991.235.116.231
                    May 23, 2024 15:16:44.455944061 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.458852053 CEST49718587192.168.2.991.235.116.231
                    May 23, 2024 15:16:44.460726976 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.460736036 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.460746050 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.460753918 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.460761070 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.460768938 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.460776091 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.460783958 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.460792065 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.460799932 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.460807085 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.460820913 CEST49718587192.168.2.991.235.116.231
                    May 23, 2024 15:16:44.460863113 CEST49718587192.168.2.991.235.116.231
                    May 23, 2024 15:16:44.460875034 CEST49718587192.168.2.991.235.116.231
                    May 23, 2024 15:16:44.465488911 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.467191935 CEST49718587192.168.2.991.235.116.231
                    May 23, 2024 15:16:44.470241070 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.470249891 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.470257998 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.470266104 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.470273018 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.470313072 CEST49718587192.168.2.991.235.116.231
                    May 23, 2024 15:16:44.470438957 CEST49718587192.168.2.991.235.116.231
                    May 23, 2024 15:16:44.474997997 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.478959084 CEST49718587192.168.2.991.235.116.231
                    May 23, 2024 15:16:44.479892969 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.479902029 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.479908943 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.479917049 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.480132103 CEST49718587192.168.2.991.235.116.231
                    May 23, 2024 15:16:44.484651089 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.484658957 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.484667063 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.489459991 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.489469051 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.489475965 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.489484072 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.489491940 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.489499092 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.489506006 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.489510059 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.489516020 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.539303064 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.539313078 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:44.935548067 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:16:45.057251930 CEST49718587192.168.2.991.235.116.231
                    May 23, 2024 15:17:13.054725885 CEST49718587192.168.2.991.235.116.231
                    May 23, 2024 15:17:13.139282942 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:17:13.420548916 CEST5874971891.235.116.231192.168.2.9
                    May 23, 2024 15:17:13.421047926 CEST49718587192.168.2.991.235.116.231
                    May 23, 2024 15:17:13.422553062 CEST49719587192.168.2.991.235.116.231
                    May 23, 2024 15:17:13.474632978 CEST5874971991.235.116.231192.168.2.9
                    May 23, 2024 15:17:13.476394892 CEST49719587192.168.2.991.235.116.231
                    May 23, 2024 15:17:14.286801100 CEST5874971991.235.116.231192.168.2.9
                    May 23, 2024 15:17:14.286973953 CEST49719587192.168.2.991.235.116.231
                    May 23, 2024 15:17:14.292053938 CEST5874971991.235.116.231192.168.2.9
                    May 23, 2024 15:17:14.504234076 CEST5874971991.235.116.231192.168.2.9
                    May 23, 2024 15:17:14.504420042 CEST49719587192.168.2.991.235.116.231
                    May 23, 2024 15:17:14.509752989 CEST5874971991.235.116.231192.168.2.9
                    May 23, 2024 15:17:14.724899054 CEST5874971991.235.116.231192.168.2.9
                    May 23, 2024 15:17:14.726511002 CEST49719587192.168.2.991.235.116.231
                    May 23, 2024 15:17:14.731534958 CEST5874971991.235.116.231192.168.2.9
                    May 23, 2024 15:17:14.956543922 CEST5874971991.235.116.231192.168.2.9
                    May 23, 2024 15:17:14.958554029 CEST5874971991.235.116.231192.168.2.9
                    May 23, 2024 15:17:14.963062048 CEST49719587192.168.2.991.235.116.231
                    May 23, 2024 15:17:14.963289976 CEST5874971991.235.116.231192.168.2.9
                    May 23, 2024 15:17:14.971036911 CEST49719587192.168.2.991.235.116.231
                    May 23, 2024 15:17:15.022746086 CEST5874971991.235.116.231192.168.2.9
                    May 23, 2024 15:17:15.082228899 CEST49719587192.168.2.991.235.116.231
                    May 23, 2024 15:17:15.088236094 CEST5874971991.235.116.231192.168.2.9
                    May 23, 2024 15:17:15.093287945 CEST49719587192.168.2.991.235.116.231
                    May 23, 2024 15:17:15.133066893 CEST49720587192.168.2.991.235.116.231
                    May 23, 2024 15:17:15.146339893 CEST5874972091.235.116.231192.168.2.9
                    May 23, 2024 15:17:15.153040886 CEST49720587192.168.2.991.235.116.231
                    May 23, 2024 15:17:16.085582972 CEST5874972091.235.116.231192.168.2.9
                    May 23, 2024 15:17:16.085726023 CEST49720587192.168.2.991.235.116.231
                    May 23, 2024 15:17:16.090712070 CEST5874972091.235.116.231192.168.2.9
                    May 23, 2024 15:17:16.304831982 CEST5874972091.235.116.231192.168.2.9
                    May 23, 2024 15:17:16.304975986 CEST49720587192.168.2.991.235.116.231
                    May 23, 2024 15:17:16.312268019 CEST5874972091.235.116.231192.168.2.9
                    May 23, 2024 15:17:16.526599884 CEST5874972091.235.116.231192.168.2.9
                    May 23, 2024 15:17:16.527076006 CEST49720587192.168.2.991.235.116.231
                    May 23, 2024 15:17:16.532928944 CEST5874972091.235.116.231192.168.2.9
                    May 23, 2024 15:17:16.757102013 CEST5874972091.235.116.231192.168.2.9
                    May 23, 2024 15:17:16.758198023 CEST5874972091.235.116.231192.168.2.9
                    May 23, 2024 15:17:16.758256912 CEST49720587192.168.2.991.235.116.231
                    May 23, 2024 15:17:16.761794090 CEST5874972091.235.116.231192.168.2.9
                    May 23, 2024 15:17:16.763679028 CEST49720587192.168.2.991.235.116.231
                    May 23, 2024 15:17:16.797724009 CEST5874972091.235.116.231192.168.2.9
                    May 23, 2024 15:17:16.927067041 CEST49720587192.168.2.991.235.116.231
                    May 23, 2024 15:17:16.950402975 CEST5874972091.235.116.231192.168.2.9
                    May 23, 2024 15:17:16.950511932 CEST49720587192.168.2.991.235.116.231
                    May 23, 2024 15:17:16.976780891 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:17.006433010 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:17.006747961 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:17.820373058 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:17.826422930 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:17.831568003 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:18.043673038 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:18.043812990 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:18.048963070 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:18.271934032 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:18.272507906 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:18.279678106 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:18.503616095 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:18.504795074 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:18.504870892 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:18.508348942 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:18.508373976 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:18.508414030 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:18.510679007 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:18.555382013 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:18.555432081 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:18.560187101 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:18.769059896 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:18.770503044 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:18.779848099 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:18.994810104 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:18.995316982 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:19.000472069 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:19.213536978 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:19.216540098 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:19.221551895 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:19.448738098 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:19.449028015 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:19.501580000 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:19.668195963 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:19.669395924 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:19.674420118 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:19.982673883 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:19.982917070 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:19.989340067 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.200493097 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.200875044 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.200953960 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.200953960 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.201041937 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.202547073 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.214757919 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.214788914 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.214807034 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.214817047 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.214845896 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.214874029 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.214895010 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.214919090 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.214921951 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.214946985 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.214970112 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.214976072 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.214998007 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.215003967 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.215023041 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.215037107 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.215049982 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.215050936 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.215084076 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.215101957 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.215133905 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.220510960 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.220570087 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.225524902 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.225553989 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.225581884 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.225593090 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.225609064 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.225611925 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.225636959 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.225692034 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.232229948 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.232283115 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.241797924 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.241827965 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.241853952 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.241854906 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.241883039 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.241890907 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.241909981 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.241911888 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.241936922 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.241964102 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.248507977 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.248537064 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.254879951 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.254908085 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.254935026 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.254961014 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.254987955 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.255013943 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.255040884 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.255068064 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.255095005 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.255121946 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.255135059 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.255161047 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.255187035 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.255213022 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.255239964 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.255266905 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.255292892 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.255321026 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.297535896 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:20.302706957 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.302752018 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.353589058 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.704621077 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:20.750839949 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:27.438632011 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:27.444077969 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:27.677556992 CEST5874972191.235.116.231192.168.2.9
                    May 23, 2024 15:17:27.681899071 CEST49721587192.168.2.991.235.116.231
                    May 23, 2024 15:17:27.685146093 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:27.691762924 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:27.692049980 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:28.480262041 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:28.480480909 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:28.485909939 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:28.739450932 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:28.782319069 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:29.943500042 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:29.948620081 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:30.158343077 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:30.158822060 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:30.163778067 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:30.381536961 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:30.383599997 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:30.383646965 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:30.388421059 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:30.388438940 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:30.388492107 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:30.390137911 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:30.435590029 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:30.435645103 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:30.441921949 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:30.657948017 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:30.659071922 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:30.664069891 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:30.963479996 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:30.963752031 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:30.968791008 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:31.186745882 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:31.187367916 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:31.248806000 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:31.455537081 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:31.456094980 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:31.467947960 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:31.693280935 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:31.693470955 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:31.699080944 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.009603024 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.009855986 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.018536091 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.236145020 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.236613989 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.236689091 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.236749887 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.236869097 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.238837957 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.241640091 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.241698027 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.246416092 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.246450901 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.246500969 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.246531010 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.246545076 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.246558905 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.246578932 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.246586084 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.246620893 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.246628046 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.246638060 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.246655941 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.246658087 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.246684074 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.246690035 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.246701002 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.246711016 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.246723890 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.246758938 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.251265049 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.251318932 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.256454945 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.256500959 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.256500959 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.256529093 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.256540060 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.256556034 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.256571054 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.256582975 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.256608009 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.256609917 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.256623983 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.256635904 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.256659985 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.256663084 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.256690025 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.256690025 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.256716967 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.256721973 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.256773949 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.256789923 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.261791945 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.261846066 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.266601086 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.266645908 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:17:32.266657114 CEST49722587192.168.2.991.235.116.231
                    May 23, 2024 15:17:32.266674042 CEST5874972291.235.116.231192.168.2.9
                    May 23, 2024 15:18:00.313296080 CEST49727587192.168.2.991.235.116.231
                    May 23, 2024 15:18:04.692835093 CEST49727587192.168.2.991.235.116.231
                    May 23, 2024 15:18:04.706464052 CEST5874972791.235.116.231192.168.2.9
                    May 23, 2024 15:18:04.924186945 CEST5874972791.235.116.231192.168.2.9
                    May 23, 2024 15:18:04.927720070 CEST49727587192.168.2.991.235.116.231
                    May 23, 2024 15:18:04.928807020 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:04.986552000 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:04.987375975 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:05.679956913 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:05.690562010 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:05.743496895 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:05.904064894 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:05.904285908 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:05.911348104 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:06.201564074 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:06.202079058 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:06.220803022 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:06.424706936 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:06.425910950 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:06.426018000 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:06.430692911 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:06.430713892 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:06.430794001 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:06.432596922 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:06.441284895 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:06.650557995 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:06.653583050 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:06.658668995 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:06.883935928 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:06.884166002 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:06.889106035 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:07.098901987 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:07.099526882 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:07.105330944 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:07.327553988 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:07.329549074 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:07.334496021 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:07.543116093 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:07.547199011 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:07.552275896 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:07.855258942 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:07.855600119 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:07.860816002 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.070126057 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.070507050 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.070590019 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.070628881 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.070688009 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.072201014 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.075486898 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.075566053 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.080806971 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.080821037 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.080847025 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.080861092 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.080873966 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.080885887 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.080890894 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.080899954 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.080909967 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.080914021 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.080934048 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.080935955 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.080949068 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.080960989 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.080962896 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.081006050 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.081022978 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.085758924 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.085815907 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.094235897 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.094244003 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.094268084 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.094280958 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.094290972 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.094295979 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.094306946 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.094310999 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.094338894 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.094358921 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.102562904 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.102612972 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.110923052 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.111011028 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.115735054 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.115801096 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.120656967 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.120678902 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.120687962 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.120697975 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.120702982 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.120708942 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.120719910 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.120719910 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.120731115 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.120740891 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.120743036 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.120750904 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.120767117 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.120773077 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.120778084 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.120784998 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.120789051 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.120790005 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.120791912 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:08.125581980 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.125600100 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.130342007 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.130362988 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.130388021 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.130398035 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.130409002 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.130413055 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.130423069 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.130433083 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.176140070 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.553617954 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:08.594559908 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:16.637866020 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:16.642857075 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:16.852197886 CEST5874972891.235.116.231192.168.2.9
                    May 23, 2024 15:18:16.852715015 CEST49728587192.168.2.991.235.116.231
                    May 23, 2024 15:18:16.853840113 CEST49729587192.168.2.991.235.116.231
                    May 23, 2024 15:18:16.864691973 CEST5874972991.235.116.231192.168.2.9
                    May 23, 2024 15:18:16.866524935 CEST49729587192.168.2.991.235.116.231
                    May 23, 2024 15:18:17.671801090 CEST5874972991.235.116.231192.168.2.9
                    May 23, 2024 15:18:17.674505949 CEST49729587192.168.2.991.235.116.231
                    May 23, 2024 15:18:17.679449081 CEST5874972991.235.116.231192.168.2.9
                    May 23, 2024 15:18:17.894972086 CEST5874972991.235.116.231192.168.2.9
                    May 23, 2024 15:18:17.899396896 CEST49729587192.168.2.991.235.116.231
                    May 23, 2024 15:18:17.904365063 CEST5874972991.235.116.231192.168.2.9
                    May 23, 2024 15:18:18.117125034 CEST5874972991.235.116.231192.168.2.9
                    May 23, 2024 15:18:18.117640018 CEST49729587192.168.2.991.235.116.231
                    May 23, 2024 15:18:18.125490904 CEST5874972991.235.116.231192.168.2.9
                    May 23, 2024 15:18:18.333128929 CEST49729587192.168.2.991.235.116.231
                    May 23, 2024 15:18:18.340662003 CEST5874972991.235.116.231192.168.2.9
                    May 23, 2024 15:18:18.340790987 CEST49729587192.168.2.991.235.116.231
                    May 23, 2024 15:18:18.403424978 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:18.408466101 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:18.408538103 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:19.103773117 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:19.104410887 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:19.112314939 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:19.322977066 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:19.323338985 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:19.328661919 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:19.540342093 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:19.540999889 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:19.545856953 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:19.765204906 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:19.766088963 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:19.766293049 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:19.769864082 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:19.769876957 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:19.770041943 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:19.774497032 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:19.816476107 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:19.816593885 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:19.822837114 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:20.026793957 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:20.029238939 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:20.034198046 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:20.244076967 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:20.246491909 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:20.251380920 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:20.461807966 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:20.462084055 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:20.467009068 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:20.692449093 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:20.692728996 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:20.697868109 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:20.920506954 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:20.920721054 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:20.930269003 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.233481884 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.234502077 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:21.239362001 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.449070930 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.449486971 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:21.449487925 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:21.449487925 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:21.449867964 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:21.450838089 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:21.454370022 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.454509020 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:21.465065002 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.465078115 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.465086937 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.465095043 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.465102911 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.465111971 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.465120077 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.465127945 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.465135098 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.465143919 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.465152025 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.465161085 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.465169907 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:21.465169907 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:21.465218067 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:21.470093966 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.471339941 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:21.474862099 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.474874020 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.474881887 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.475048065 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:21.479599953 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.483309031 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:21.484399080 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.484407902 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.484415054 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.484422922 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.484430075 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.484437943 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.484668970 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:21.489362001 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.494148970 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.494160891 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.494168997 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.494178057 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.494185925 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.494199991 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.494204998 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.494210005 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.494214058 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.494218111 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.494221926 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.494225979 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.494229078 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.494230032 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.543361902 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:21.936580896 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:22.001317024 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:22.093241930 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:22.104407072 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:22.315764904 CEST5874973091.235.116.231192.168.2.9
                    May 23, 2024 15:18:22.316224098 CEST49730587192.168.2.991.235.116.231
                    May 23, 2024 15:18:22.317195892 CEST49731587192.168.2.991.235.116.231
                    May 23, 2024 15:18:22.368546009 CEST5874973191.235.116.231192.168.2.9
                    May 23, 2024 15:18:22.370213032 CEST49731587192.168.2.991.235.116.231
                    May 23, 2024 15:18:23.058960915 CEST5874973191.235.116.231192.168.2.9
                    May 23, 2024 15:18:23.059106112 CEST49731587192.168.2.991.235.116.231
                    May 23, 2024 15:18:23.064088106 CEST5874973191.235.116.231192.168.2.9
                    May 23, 2024 15:18:23.273788929 CEST5874973191.235.116.231192.168.2.9
                    May 23, 2024 15:18:23.273957968 CEST49731587192.168.2.991.235.116.231
                    May 23, 2024 15:18:23.336966991 CEST5874973191.235.116.231192.168.2.9
                    May 23, 2024 15:18:23.500736952 CEST5874973191.235.116.231192.168.2.9
                    May 23, 2024 15:18:23.501204967 CEST49731587192.168.2.991.235.116.231
                    May 23, 2024 15:18:23.513324022 CEST5874973191.235.116.231192.168.2.9
                    May 23, 2024 15:18:23.548466921 CEST49731587192.168.2.991.235.116.231
                    May 23, 2024 15:18:23.554775953 CEST5874973191.235.116.231192.168.2.9
                    May 23, 2024 15:18:23.554944038 CEST49731587192.168.2.991.235.116.231
                    May 23, 2024 15:18:23.598992109 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:23.608948946 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:23.609016895 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:24.314575911 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:24.314740896 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:24.321400881 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:24.533696890 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:24.539310932 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:24.551513910 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:24.758078098 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:24.758464098 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:24.769176006 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:24.990606070 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:24.992398024 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:24.992476940 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:24.995925903 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:25.026238918 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:25.076925993 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:25.290736914 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:25.292288065 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:25.297235966 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:25.532701015 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:25.532880068 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:25.550594091 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:25.767348051 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:25.770508051 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:25.775489092 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.004159927 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.004404068 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:26.063967943 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.227565050 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.230681896 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:26.242129087 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.545728922 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.546509981 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:26.551449060 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.765717030 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.766102076 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:26.766156912 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:26.766227007 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:26.766307116 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:26.767752886 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:26.770992994 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.771064997 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:26.780601025 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.780613899 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.780622959 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.780631065 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.780637980 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.780647039 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.780654907 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.780663013 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.780670881 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.780673981 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:26.780679941 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.780688047 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.780695915 CEST5874973291.235.116.231192.168.2.9
                    May 23, 2024 15:18:26.780714035 CEST49732587192.168.2.991.235.116.231
                    May 23, 2024 15:18:50.855772018 CEST5874973991.235.116.231192.168.2.9
                    May 23, 2024 15:18:51.065519094 CEST5874973991.235.116.231192.168.2.9
                    May 23, 2024 15:18:51.065886974 CEST49739587192.168.2.991.235.116.231
                    May 23, 2024 15:18:51.070771933 CEST5874973991.235.116.231192.168.2.9
                    May 23, 2024 15:18:51.288557053 CEST5874973991.235.116.231192.168.2.9
                    May 23, 2024 15:18:51.290677071 CEST5874973991.235.116.231192.168.2.9
                    May 23, 2024 15:18:51.293366909 CEST49739587192.168.2.991.235.116.231
                    May 23, 2024 15:18:51.295448065 CEST5874973991.235.116.231192.168.2.9
                    May 23, 2024 15:18:51.295461893 CEST5874973991.235.116.231192.168.2.9
                    May 23, 2024 15:18:51.297621012 CEST49739587192.168.2.991.235.116.231
                    May 23, 2024 15:18:51.298975945 CEST49739587192.168.2.991.235.116.231
                    May 23, 2024 15:18:51.343343973 CEST5874973991.235.116.231192.168.2.9
                    May 23, 2024 15:18:51.347282887 CEST49739587192.168.2.991.235.116.231
                    May 23, 2024 15:18:51.348239899 CEST5874973991.235.116.231192.168.2.9
                    May 23, 2024 15:18:51.556689978 CEST5874973991.235.116.231192.168.2.9
                    May 23, 2024 15:18:51.610512018 CEST49739587192.168.2.991.235.116.231
                    May 23, 2024 15:18:51.618292093 CEST49739587192.168.2.991.235.116.231
                    May 23, 2024 15:18:51.661058903 CEST5874973991.235.116.231192.168.2.9
                    May 23, 2024 15:18:51.869688034 CEST5874973991.235.116.231192.168.2.9
                    May 23, 2024 15:18:51.870207071 CEST49739587192.168.2.991.235.116.231
                    May 23, 2024 15:18:51.880661964 CEST5874973991.235.116.231192.168.2.9
                    May 23, 2024 15:18:56.109071016 CEST5874973991.235.116.231192.168.2.9
                    May 23, 2024 15:18:56.109359980 CEST49739587192.168.2.991.235.116.231
                    May 23, 2024 15:18:56.114290953 CEST5874973991.235.116.231192.168.2.9
                    May 23, 2024 15:18:56.173443079 CEST49739587192.168.2.991.235.116.231
                    May 23, 2024 15:18:56.181420088 CEST5874973991.235.116.231192.168.2.9
                    May 23, 2024 15:18:56.181466103 CEST49739587192.168.2.991.235.116.231
                    May 23, 2024 15:18:56.246954918 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:56.252499104 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:56.252576113 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:56.971597910 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:56.971875906 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:57.029963970 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:57.187041044 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:57.190510988 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:57.195390940 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:57.407329082 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:57.408018112 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:57.412990093 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:57.652769089 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:57.654597044 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:57.655275106 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:57.659957886 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:57.663276911 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:57.708724976 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:57.931823015 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:57.933701038 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:57.975183010 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:58.157196045 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:58.159816980 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:58.164712906 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:58.380626917 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:58.380908966 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:58.394320011 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:58.619874001 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:58.620110035 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:58.627257109 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:58.837316036 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:58.837508917 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.205873013 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.205902100 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.213799000 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.215509892 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.220771074 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.271321058 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.433784008 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.434973955 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.435070038 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.435128927 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.435128927 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.439323902 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.444144011 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.444205046 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.456317902 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.456335068 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.456348896 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.456357002 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.456367016 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.456374884 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.456382990 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.456389904 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.456393003 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.456399918 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.456432104 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.456434011 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.456432104 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.456443071 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.456468105 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.456527948 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.461049080 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.461113930 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.465830088 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.465837955 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.465845108 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.465850115 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.465854883 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.465859890 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.465866089 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.465871096 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.465878963 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.465956926 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.470629930 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.471322060 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.475404024 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.475419998 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.475428104 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.475436926 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.475445986 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.475454092 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.475476980 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.475485086 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.475493908 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.475524902 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.475550890 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.480488062 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.480503082 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.480608940 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.485394001 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.485409975 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.485418081 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.485426903 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.485434055 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.485443115 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.485451937 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.485459089 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.485466957 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.485476017 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.485482931 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.485488892 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:18:59.485491037 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.485500097 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.485507965 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.485516071 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.485522985 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.490272999 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.490286112 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.490293026 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.490302086 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.495131016 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.495143890 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.495151043 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.495160103 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.547359943 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:18:59.928466082 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:19:00.110349894 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:19:05.345266104 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:19:05.355146885 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:19:05.585599899 CEST5874974091.235.116.231192.168.2.9
                    May 23, 2024 15:19:05.586544037 CEST49740587192.168.2.991.235.116.231
                    May 23, 2024 15:19:05.586544037 CEST49741587192.168.2.991.235.116.231
                    May 23, 2024 15:19:05.636606932 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:05.639293909 CEST49741587192.168.2.991.235.116.231
                    May 23, 2024 15:19:06.341356993 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:06.341530085 CEST49741587192.168.2.991.235.116.231
                    May 23, 2024 15:19:06.346558094 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:06.559581041 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:06.559787035 CEST49741587192.168.2.991.235.116.231
                    May 23, 2024 15:19:06.567593098 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:06.778594971 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:06.778983116 CEST49741587192.168.2.991.235.116.231
                    May 23, 2024 15:19:06.784420013 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:07.003405094 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:07.005315065 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:07.005371094 CEST49741587192.168.2.991.235.116.231
                    May 23, 2024 15:19:07.009717941 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:07.009726048 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:07.009773970 CEST49741587192.168.2.991.235.116.231
                    May 23, 2024 15:19:07.011440039 CEST49741587192.168.2.991.235.116.231
                    May 23, 2024 15:19:07.056150913 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:07.056327105 CEST49741587192.168.2.991.235.116.231
                    May 23, 2024 15:19:07.061022997 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:07.271254063 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:07.274141073 CEST49741587192.168.2.991.235.116.231
                    May 23, 2024 15:19:07.282596111 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:07.490597963 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:07.491034985 CEST49741587192.168.2.991.235.116.231
                    May 23, 2024 15:19:07.496680975 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:07.706546068 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:07.706849098 CEST49741587192.168.2.991.235.116.231
                    May 23, 2024 15:19:07.713359118 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:07.939361095 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:07.941164017 CEST49741587192.168.2.991.235.116.231
                    May 23, 2024 15:19:07.949532986 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:08.156622887 CEST5874974191.235.116.231192.168.2.9
                    May 23, 2024 15:19:08.204132080 CEST49741587192.168.2.991.235.116.231
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    May 23, 2024 15:14:57.230475903 CEST | 57586 | 53 | 192.168.2.9 | 1.1.1.1
                    May 23, 2024 15:14:57.243927002 CEST | 53 | 57586 | 1.1.1.1 | 192.168.2.9
                    May 23, 2024 15:14:58.749483109 CEST | 52999 | 53 | 192.168.2.9 | 1.1.1.1
                    May 23, 2024 15:14:58.793510914 CEST | 53 | 52999 | 1.1.1.1 | 192.168.2.9

                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                    May 23, 2024 15:14:57.230475903 CEST | 192.168.2.9 | 1.1.1.1 | 0xa1b7 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
                    May 23, 2024 15:14:58.749483109 CEST | 192.168.2.9 | 1.1.1.1 | 0xb9b2 | Standard query (0) | tqpas.com | A (IP address) | IN (0x0001) | false

                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                    May 23, 2024 15:14:57.243927002 CEST | 1.1.1.1 | 192.168.2.9 | 0xa1b7 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
                    May 23, 2024 15:14:57.243927002 CEST | 1.1.1.1 | 192.168.2.9 | 0xa1b7 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
                    May 23, 2024 15:14:57.243927002 CEST | 1.1.1.1 | 192.168.2.9 | 0xa1b7 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
                    May 23, 2024 15:14:58.793510914 CEST | 1.1.1.1 | 192.168.2.9 | 0xb9b2 | No error (0) | tqpas.com | | 91.235.116.231 | A (IP address) | IN (0x0001) | false
                    • api.ipify.org

                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.9 | 49706 | 172.67.74.152 | 443 | 2796 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

                    Timestamp | Bytes transferred | Direction | Data
                    2024-05-23 13:14:57 UTC | 155 | OUT | GET / HTTP/1.1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                    Host: api.ipify.org
                    Connection: Keep-Alive
                    2024-05-23 13:14:58 UTC | 211 | IN | HTTP/1.1 200 OK
                    Date: Thu, 23 May 2024 13:14:57 GMT
                    Content-Type: text/plain
                    Content-Length: 12
                    Connection: close
                    Vary: Origin
                    CF-Cache-Status: DYNAMIC
                    Server: cloudflare
                    CF-RAY: 88854fdfdc380f85-EWR
                    2024-05-23 13:14:58 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35
                    Data Ascii: 8.46.123.175


                    Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
                    May 23, 2024 15:14:59.752000093 CEST | 587 | 49709 | 91.235.116.231 | 192.168.2.9 | 220-server15.thcservers.com ESMTP Exim 4.96.2 #2 Thu, 23 May 2024 09:14:59 -0400
                    220-We do not authorize the use of this system to transport unsolicited,
                    220 and/or bulk e-mail.
                    May 23, 2024 15:14:59.752450943 CEST | 49709 | 587 | 192.168.2.9 | 91.235.116.231 | EHLO 724536
                    May 23, 2024 15:14:59.971720934 CEST | 587 | 49709 | 91.235.116.231 | 192.168.2.9 | 250-server15.thcservers.com Hello 724536 [8.46.123.175]
                    250-SIZE 52428800
                    250-8BITMIME
                    250-PIPELINING
                    250-PIPECONNECT
                    250-STARTTLS
                    250 HELP
                    May 23, 2024 15:14:59.973042965 CEST | 49709 | 587 | 192.168.2.9 | 91.235.116.231 | STARTTLS
                    May 23, 2024 15:15:00.227339983 CEST | 587 | 49709 | 91.235.116.231 | 192.168.2.9 | 220 TLS go ahead
                    May 23, 2024 15:18:17.671801090 CEST5874972991.235.116.231192.168.2.9220-server15.thcservers.com ESMTP Exim 4.96.2 #2 Thu, 23 May 2024 09:18:17 -0400
                    220-We do not authorize the use of this system to transport unsolicited,
                    220 and/or bulk e-mail.
                    May 23, 2024 15:18:17.674505949 CEST49729587192.168.2.991.235.116.231EHLO 724536
                    May 23, 2024 15:18:17.894972086 CEST5874972991.235.116.231192.168.2.9250-server15.thcservers.com Hello 724536 [8.46.123.175]
                    250-SIZE 52428800
                    250-8BITMIME
                    250-PIPELINING
                    250-PIPECONNECT
                    250-STARTTLS
                    250 HELP
                    May 23, 2024 15:18:17.899396896 CEST49729587192.168.2.991.235.116.231STARTTLS
                    May 23, 2024 15:18:18.117125034 CEST5874972991.235.116.231192.168.2.9220 TLS go ahead
                    May 23, 2024 15:18:19.103773117 CEST5874973091.235.116.231192.168.2.9220-server15.thcservers.com ESMTP Exim 4.96.2 #2 Thu, 23 May 2024 09:18:18 -0400
                    220-We do not authorize the use of this system to transport unsolicited,
                    220 and/or bulk e-mail.
                    May 23, 2024 15:18:19.104410887 CEST49730587192.168.2.991.235.116.231EHLO 724536
                    May 23, 2024 15:18:19.322977066 CEST5874973091.235.116.231192.168.2.9250-server15.thcservers.com Hello 724536 [8.46.123.175]
                    250-SIZE 52428800
                    250-8BITMIME
                    250-PIPELINING
                    250-PIPECONNECT
                    250-STARTTLS
                    250 HELP
                    May 23, 2024 15:18:19.323338985 CEST49730587192.168.2.991.235.116.231STARTTLS
                    May 23, 2024 15:18:19.540342093 CEST5874973091.235.116.231192.168.2.9220 TLS go ahead
                    May 23, 2024 15:18:23.058960915 CEST5874973191.235.116.231192.168.2.9220-server15.thcservers.com ESMTP Exim 4.96.2 #2 Thu, 23 May 2024 09:18:22 -0400
                    220-We do not authorize the use of this system to transport unsolicited,
                    220 and/or bulk e-mail.
                    May 23, 2024 15:18:23.059106112 CEST49731587192.168.2.991.235.116.231EHLO 724536
                    May 23, 2024 15:18:23.273788929 CEST5874973191.235.116.231192.168.2.9250-server15.thcservers.com Hello 724536 [8.46.123.175]
                    250-SIZE 52428800
                    250-8BITMIME
                    250-PIPELINING
                    250-PIPECONNECT
                    250-STARTTLS
                    250 HELP
                    May 23, 2024 15:18:23.273957968 CEST49731587192.168.2.991.235.116.231STARTTLS
                    May 23, 2024 15:18:23.500736952 CEST5874973191.235.116.231192.168.2.9220 TLS go ahead
                    May 23, 2024 15:18:24.314575911 CEST5874973291.235.116.231192.168.2.9220-server15.thcservers.com ESMTP Exim 4.96.2 #2 Thu, 23 May 2024 09:18:24 -0400
                    220-We do not authorize the use of this system to transport unsolicited,
                    220 and/or bulk e-mail.
                    May 23, 2024 15:18:24.314740896 CEST49732587192.168.2.991.235.116.231EHLO 724536
                    May 23, 2024 15:18:24.533696890 CEST5874973291.235.116.231192.168.2.9250-server15.thcservers.com Hello 724536 [8.46.123.175]
                    250-SIZE 52428800
                    250-8BITMIME
                    250-PIPELINING
                    250-PIPECONNECT
                    250-STARTTLS
                    250 HELP
                    May 23, 2024 15:18:24.539310932 CEST49732587192.168.2.991.235.116.231STARTTLS
                    May 23, 2024 15:18:24.758078098 CEST5874973291.235.116.231192.168.2.9220 TLS go ahead
                    May 23, 2024 15:18:29.260885954 CEST5874973391.235.116.231192.168.2.9220-server15.thcservers.com ESMTP Exim 4.96.2 #2 Thu, 23 May 2024 09:18:29 -0400
                    220-We do not authorize the use of this system to transport unsolicited,
                    220 and/or bulk e-mail.
                    May 23, 2024 15:18:29.261014938 CEST49733587192.168.2.991.235.116.231EHLO 724536
                    May 23, 2024 15:18:29.479856014 CEST5874973391.235.116.231192.168.2.9250-server15.thcservers.com Hello 724536 [8.46.123.175]
                    250-SIZE 52428800
                    250-8BITMIME
                    250-PIPELINING
                    250-PIPECONNECT
                    250-STARTTLS
                    250 HELP
                    May 23, 2024 15:18:29.482773066 CEST49733587192.168.2.991.235.116.231STARTTLS
                    May 23, 2024 15:18:29.707688093 CEST5874973391.235.116.231192.168.2.9220 TLS go ahead
                    May 23, 2024 15:18:31.979995966 CEST5874973491.235.116.231192.168.2.9220-server15.thcservers.com ESMTP Exim 4.96.2 #2 Thu, 23 May 2024 09:18:31 -0400
                    220-We do not authorize the use of this system to transport unsolicited,
                    220 and/or bulk e-mail.
                    May 23, 2024 15:18:31.981520891 CEST49734587192.168.2.991.235.116.231EHLO 724536
                    May 23, 2024 15:18:32.196613073 CEST5874973491.235.116.231192.168.2.9250-server15.thcservers.com Hello 724536 [8.46.123.175]
                    250-SIZE 52428800
                    250-8BITMIME
                    250-PIPELINING
                    250-PIPECONNECT
                    250-STARTTLS
                    250 HELP
                    May 23, 2024 15:18:32.202512026 CEST49734587192.168.2.991.235.116.231STARTTLS
                    May 23, 2024 15:18:32.416918039 CEST5874973491.235.116.231192.168.2.9220 TLS go ahead
                    May 23, 2024 15:18:42.066909075 CEST5874973691.235.116.231192.168.2.9220-server15.thcservers.com ESMTP Exim 4.96.2 #2 Thu, 23 May 2024 09:18:41 -0400
                    220-We do not authorize the use of this system to transport unsolicited,
                    220 and/or bulk e-mail.
                    May 23, 2024 15:18:42.067172050 CEST49736587192.168.2.991.235.116.231EHLO 724536
                    May 23, 2024 15:18:42.280462980 CEST5874973691.235.116.231192.168.2.9250-server15.thcservers.com Hello 724536 [8.46.123.175]
                    250-SIZE 52428800
                    250-8BITMIME
                    250-PIPELINING
                    250-PIPECONNECT
                    250-STARTTLS
                    250 HELP
                    May 23, 2024 15:18:42.282512903 CEST49736587192.168.2.991.235.116.231STARTTLS
                    May 23, 2024 15:18:42.500741959 CEST5874973691.235.116.231192.168.2.9220 TLS go ahead
                    May 23, 2024 15:18:44.506469011 CEST5874973791.235.116.231192.168.2.9220-server15.thcservers.com ESMTP Exim 4.96.2 #2 Thu, 23 May 2024 09:18:44 -0400
                    220-We do not authorize the use of this system to transport unsolicited,
                    220 and/or bulk e-mail.
                    May 23, 2024 15:18:44.506628990 CEST49737587192.168.2.991.235.116.231EHLO 724536
                    May 23, 2024 15:18:44.723767042 CEST5874973791.235.116.231192.168.2.9250-server15.thcservers.com Hello 724536 [8.46.123.175]
                    250-SIZE 52428800
                    250-8BITMIME
                    250-PIPELINING
                    250-PIPECONNECT
                    250-STARTTLS
                    250 HELP
                    May 23, 2024 15:18:44.724061966 CEST49737587192.168.2.991.235.116.231STARTTLS
                    May 23, 2024 15:18:44.942347050 CEST5874973791.235.116.231192.168.2.9220 TLS go ahead
                    May 23, 2024 15:18:48.561564922 CEST5874973891.235.116.231192.168.2.9220-server15.thcservers.com ESMTP Exim 4.96.2 #2 Thu, 23 May 2024 09:18:48 -0400
                    220-We do not authorize the use of this system to transport unsolicited,
                    220 and/or bulk e-mail.
                    May 23, 2024 15:18:48.561741114 CEST49738587192.168.2.991.235.116.231EHLO 724536
                    May 23, 2024 15:18:48.778038979 CEST5874973891.235.116.231192.168.2.9250-server15.thcservers.com Hello 724536 [8.46.123.175]
                    250-SIZE 52428800
                    250-8BITMIME
                    250-PIPELINING
                    250-PIPECONNECT
                    250-STARTTLS
                    250 HELP
                    May 23, 2024 15:18:48.778230906 CEST49738587192.168.2.991.235.116.231STARTTLS
                    May 23, 2024 15:18:48.994195938 CEST5874973891.235.116.231192.168.2.9220 TLS go ahead
                    May 23, 2024 15:18:50.595005035 CEST5874973991.235.116.231192.168.2.9220-server15.thcservers.com ESMTP Exim 4.96.2 #2 Thu, 23 May 2024 09:18:50 -0400
                    220-We do not authorize the use of this system to transport unsolicited,
                    220 and/or bulk e-mail.
                    May 23, 2024 15:18:50.637212992 CEST49739587192.168.2.991.235.116.231EHLO 724536
                    May 23, 2024 15:18:50.850665092 CEST5874973991.235.116.231192.168.2.9250-server15.thcservers.com Hello 724536 [8.46.123.175]
                    250-SIZE 52428800
                    250-8BITMIME
                    250-PIPELINING
                    250-PIPECONNECT
                    250-STARTTLS
                    250 HELP
                    May 23, 2024 15:18:50.850826025 CEST49739587192.168.2.991.235.116.231STARTTLS
                    May 23, 2024 15:18:51.065519094 CEST5874973991.235.116.231192.168.2.9220 TLS go ahead
                    May 23, 2024 15:18:56.971597910 CEST5874974091.235.116.231192.168.2.9220-server15.thcservers.com ESMTP Exim 4.96.2 #2 Thu, 23 May 2024 09:18:56 -0400
                    220-We do not authorize the use of this system to transport unsolicited,
                    220 and/or bulk e-mail.
                    May 23, 2024 15:18:56.971875906 CEST49740587192.168.2.991.235.116.231EHLO 724536
                    May 23, 2024 15:18:57.187041044 CEST5874974091.235.116.231192.168.2.9250-server15.thcservers.com Hello 724536 [8.46.123.175]
                    250-SIZE 52428800
                    250-8BITMIME
                    250-PIPELINING
                    250-PIPECONNECT
                    250-STARTTLS
                    250 HELP
                    May 23, 2024 15:18:57.190510988 CEST49740587192.168.2.991.235.116.231STARTTLS
                    May 23, 2024 15:18:57.407329082 CEST5874974091.235.116.231192.168.2.9220 TLS go ahead
                    May 23, 2024 15:19:06.341356993 CEST5874974191.235.116.231192.168.2.9220-server15.thcservers.com ESMTP Exim 4.96.2 #2 Thu, 23 May 2024 09:19:06 -0400
                    220-We do not authorize the use of this system to transport unsolicited,
                    220 and/or bulk e-mail.
                    May 23, 2024 15:19:06.341530085 CEST49741587192.168.2.991.235.116.231EHLO 724536
                    May 23, 2024 15:19:06.559581041 CEST5874974191.235.116.231192.168.2.9250-server15.thcservers.com Hello 724536 [8.46.123.175]
                    250-SIZE 52428800
                    250-8BITMIME
                    250-PIPELINING
                    250-PIPECONNECT
                    250-STARTTLS
                    250 HELP
                    May 23, 2024 15:19:06.559787035 CEST49741587192.168.2.991.235.116.231STARTTLS
                    May 23, 2024 15:19:06.778594971 CEST5874974191.235.116.231192.168.2.9220 TLS go ahead


                    Target ID:0
                    Start time:09:14:55
                    Start date:23/05/2024
                    Path:C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\hesaphareketi-015232024.SCR.exe"
                    Imagebase:0x270000
                    File size:329'216 bytes
                    MD5 hash:14F0B309C14C5F5E75C9A1D95967318B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1273273213.0000000003619000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1273273213.0000000003619000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:true

                    Target ID:2
                    Start time:09:14:55
                    Start date:23/05/2024
                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                    Imagebase:0x670000
                    File size:65'440 bytes
                    MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.3734809898.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.3734809898.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.3744691064.0000000002AEB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.3744691064.0000000002AEB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:high
                    Has exited:false

                      Execution Graph

                      Execution Coverage:8.3%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:0%
                      Total number of Nodes:20
                      Total number of Limit Nodes:0

                      Control-flow Graph

                      APIs
                      • GetModuleHandleW.KERNELBASE(00000000), ref: 024FC43E
                      Memory Dump Source
                      • Source File: 00000000.00000002.1273152913.00000000024F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_24f0000_hesaphareketi-015232024.jbxd
                      Similarity
                      • API ID: HandleModule
                      • String ID:
                      • API String ID: 4139908857-0

                      Control-flow Graph

                      APIs
                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 024FE86F
                      Memory Dump Source
                      • Source File: 00000000.00000002.1273152913.00000000024F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_24f0000_hesaphareketi-015232024.jbxd
                      Similarity
                      • API ID: DuplicateHandle
                      • String ID:
                      • API String ID: 3793708945-0

                      Control-flow Graph

                      APIs
                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,024FC4B9,00000800,00000000,00000000), ref: 024FC6CA
                      Memory Dump Source
                      • Source File: 00000000.00000002.1273152913.00000000024F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_24f0000_hesaphareketi-015232024.jbxd
                      Similarity
                      • API ID: LibraryLoad
                      • String ID:
                      • API String ID: 1029625771-0

                      Control-flow Graph

                      APIs
                      • GetModuleHandleW.KERNELBASE(00000000), ref: 024FC43E
                      Memory Dump Source
                      • Source File: 00000000.00000002.1273152913.00000000024F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_24f0000_hesaphareketi-015232024.jbxd
                      Similarity
                      • API ID: HandleModule
                      • String ID:
                      • API String ID: 4139908857-0

                      Execution Graph

                      Execution Coverage:12.3%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:0%
                      Total number of Nodes:20
                      Total number of Limit Nodes:5

                      Control-flow Graph

                      Strings
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID: $
                      • API String ID: 0-3993045852
                      • Opcode ID: 19e7b4aa2f495a54a4a207c1c93acf20c54acfb2ce675ae07ee1338f9714b102
                      • Instruction ID: e03a7f231c11d42fcfff92ac2d5a9d0b961a83b704a9bdd6332224d60cbb7fb0
                      • Opcode Fuzzy Hash: 19e7b4aa2f495a54a4a207c1c93acf20c54acfb2ce675ae07ee1338f9714b102
                      • Instruction Fuzzy Hash: DA22B375E102258FEB69DBA4C5806AFBBB2EF85310F24847AD415AB385DB35DC41CFA0

                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2c544933f07fe46fb0b5d9e76fa18b523a86e3b1ab913d17f6cb87862830808b
                      • Instruction ID: 4a0a838cb2c2436fcce32b985d5ece85ea42686b7748f28bdc8bb5ef3ff7f17b
                      • Opcode Fuzzy Hash: 2c544933f07fe46fb0b5d9e76fa18b523a86e3b1ab913d17f6cb87862830808b
                      • Instruction Fuzzy Hash: 46329D35B00219CFEF55DB68D580BAEB7B2EB88314F148A2AE405E7795DB35EC41CB90

                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b8063c8ccbcdf39a6aaca3826ed2392ba755aa8d73a23dc1d3e314868a09c9f3
                      • Instruction ID: 5b595c689dda21920ae72f7548151f7d6b10b8b084703ca402639373d1827358
                      • Opcode Fuzzy Hash: b8063c8ccbcdf39a6aaca3826ed2392ba755aa8d73a23dc1d3e314868a09c9f3
                      • Instruction Fuzzy Hash: A202AC30B002258FEF55DB64D990AAEBBB2FF88314F14893AD4159B391DB35EC42CB90
                      Memory Dump Source
                      • Source File: 00000002.00000002.3743356461.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_cc0000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a0a861f7c4003d0bb373fdb1f30e64fa5235148d69058fc878b5ee990bdaed5f
                      • Instruction ID: ac1c74c623f675d6cc35440c176501f1d18759ef232e2f5d83466e7774c43475
                      • Opcode Fuzzy Hash: a0a861f7c4003d0bb373fdb1f30e64fa5235148d69058fc878b5ee990bdaed5f
                      • Instruction Fuzzy Hash: D9B1B134B002189BDB19AB75D86477E7BB7BFC9700B18882EE446E7384DE34DC029B91

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 698 cceb28-cceb33 699 cceb5d-cceb7c call cce718 698->699 700 cceb35-ccf87e 698->700 709 cceb7e-cceb81 699->709 710 cceb82-ccebe1 699->710 707 ccf885-ccf895 700->707 708 ccf880 call ccf2f8 700->708 713 ccf89a-ccf89c 707->713 708->707 718 ccebe7-ccec74 GlobalMemoryStatusEx 710->718 719 ccebe3-ccebe6 710->719 722 ccec7d-cceca5 718->722 723 ccec76-ccec7c 718->723 723->722
                      Memory Dump Source
                      • Source File: 00000002.00000002.3743356461.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_cc0000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bbd31e316cbb8e36cdbefca177a1957643b0ab1a17b038c699a53a7afc706020
                      • Instruction ID: 1fd6319dfb6e80c6a75c323227864029505fd4d575d90c63affced70380c9f06
                      • Opcode Fuzzy Hash: bbd31e316cbb8e36cdbefca177a1957643b0ab1a17b038c699a53a7afc706020
                      • Instruction Fuzzy Hash: F7411172D0075A8FDB14CFB9D8047AEBBF1AF8A310F04856AD408A7641EB789945CB90

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 726 cce718-ccec74 GlobalMemoryStatusEx 729 ccec7d-cceca5 726->729 730 ccec76-ccec7c 726->730 730->729
                      APIs
                      • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,00CCEB7A), ref: 00CCEC67
                      Memory Dump Source
                      • Source File: 00000002.00000002.3743356461.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_cc0000_RegAsm.jbxd
                      Similarity
                      • API ID: GlobalMemoryStatus
                      • String ID:
                      • API String ID: 1890195054-0
                      • Opcode ID: fecfde2246b3389277f242b70b15d233dc7138d04ab327e1d8c42523ff81aad7
                      • Instruction ID: 55d087fcc2227068cd443fc38689df85b53bbbd9b6b24de958551b03b6902b9b
                      • Opcode Fuzzy Hash: fecfde2246b3389277f242b70b15d233dc7138d04ab327e1d8c42523ff81aad7
                      • Instruction Fuzzy Hash: 0C1103B1C0065A9BDB10CF9AC544BDEFBF4AB49320F15856AD818B7240D378A944CFE5

                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9ae862b4ec23f254976d1c7a342dd106c1498e1d8cf5716b3d84e2d3e8a38a6b
                      • Instruction ID: 4cf046b611a2e16bb590f2c1bf6f3cdfeeafc6a0322c3f088c478277af09bd7a
                      • Opcode Fuzzy Hash: 9ae862b4ec23f254976d1c7a342dd106c1498e1d8cf5716b3d84e2d3e8a38a6b
                      • Instruction Fuzzy Hash: 22624D30A0071A8FDB55EFA8D580A5EB7F2FF84304B248A69D0059F759DB71ED4ACB90

                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a4a2b9d02d65fbaadea4a45d46fffda0d21ebc5634762b45f1d529d9940f0180
                      • Instruction ID: bb31b71cc6cafb5e6e840c946a93e6647ffdaa8eb4fff811d1fb9939449aa7dc
                      • Opcode Fuzzy Hash: a4a2b9d02d65fbaadea4a45d46fffda0d21ebc5634762b45f1d529d9940f0180
                      • Instruction Fuzzy Hash: 23E17F70E103198FEB65DB64D4946AFB7B2FF89300F10853AE405AB395DB75D882CB90
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0393119b7cf2d5bef77ef3d6611a3a987b835956611f3bcff53a629f3940ef00
                      • Instruction ID: 9315372c8f87e6713ed83ccc1276fd4dae5f272708b73e237ca3f4139a7e0679
                      • Opcode Fuzzy Hash: 0393119b7cf2d5bef77ef3d6611a3a987b835956611f3bcff53a629f3940ef00
                      • Instruction Fuzzy Hash: 76713C71A002199FEB54DBA9D980A9EBBF6FF88300F14882AD415EB355DB30ED56CB50
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3ab671a84592ab226957743aabde4ecf36241d7bf0f6cf3f7455eb05d4cb55e3
                      • Instruction ID: 44de564a3a54ade9bc345537ca7480165fd6fbdbf39d43d257d9013d2aff3833
                      • Opcode Fuzzy Hash: 3ab671a84592ab226957743aabde4ecf36241d7bf0f6cf3f7455eb05d4cb55e3
                      • Instruction Fuzzy Hash: D5714C71A002198FDB55DBA9D980A9EBBF6FF88300F14882AD415EB395DB34E946CB50
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 99a566ad6f7a7a5ee275527315d60939ced8cd85d3a3102296bb60a93f7e8827
                      • Instruction ID: 56a1e0bb88e87765cb75f26e3466d7d46f799332f70e7dfb17153d707b81ac6c
                      • Opcode Fuzzy Hash: 99a566ad6f7a7a5ee275527315d60939ced8cd85d3a3102296bb60a93f7e8827
                      • Instruction Fuzzy Hash: BE614E30F10218DFEB55DBA5D8547AEBBF6EB88300F20842AE105AB395DF758D459B90
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ce7eebfea0197334fc0ad1755024d7057ebd2eb8bcacad3b6d0b9d6e284f6a99
                      • Instruction ID: b1a0ca2d509c142532ee8b623d740e10a29ace1410ac96f3d67e84e2c4fb2709
                      • Opcode Fuzzy Hash: ce7eebfea0197334fc0ad1755024d7057ebd2eb8bcacad3b6d0b9d6e284f6a99
                      • Instruction Fuzzy Hash: 9451A331E00115DFEBA5AB78E4447AEB7B6EF85311F20487BE906D7390DB359859CB80
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e287dd90e37b45aedc955283c5ab320b8ca2dad6b9e0ca06bc57328e37bd7b4f
                      • Instruction ID: bb9b158ad09ce0f34b009bfa041633e66c6862b768612428e826fdf99ca908fc
                      • Opcode Fuzzy Hash: e287dd90e37b45aedc955283c5ab320b8ca2dad6b9e0ca06bc57328e37bd7b4f
                      • Instruction Fuzzy Hash: D2515030B001159FDB55DB68D9A0BAF77F2EB88704F54887AC849DB796EB319C028B90
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 191e8b94ec65ad4f2e5d62320f9a851f4b858a0f9d9e10d420616c5febf6ffcc
                      • Instruction ID: 0137bf55b4824efb9788be3f5ca39e3276f2c8c3bdfa7ffd58b8c5e09305e890
                      • Opcode Fuzzy Hash: 191e8b94ec65ad4f2e5d62320f9a851f4b858a0f9d9e10d420616c5febf6ffcc
                      • Instruction Fuzzy Hash: 2451C731B102198BFFB5A668E89472F366AFB89710F10443AE90BC73D5CA79CC468791
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 976a70aa678b499cf4c326d38cdbe2aec298a412977733f2b7197da4ec0189ea
                      • Instruction ID: 9084ebb2200a6b6c7ce2b7e0f316851b5955959cce02b6adf7bd30e49c5f0815
                      • Opcode Fuzzy Hash: 976a70aa678b499cf4c326d38cdbe2aec298a412977733f2b7197da4ec0189ea
                      • Instruction Fuzzy Hash: 3851B931B102198BFFB5A668D89472F766AEB89710F10443BE90BC73D5CA79CC464791
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a4f2aabf6551f890c9cb97a47cfa3a0e031a95d25adf3610b8d561d336b9f2ce
                      • Instruction ID: 1fdd13acd304f0944de51a97d11bb6079008d6e7cd18bda1cab789006614b1c5
                      • Opcode Fuzzy Hash: a4f2aabf6551f890c9cb97a47cfa3a0e031a95d25adf3610b8d561d336b9f2ce
                      • Instruction Fuzzy Hash: 60516F70F002189FEB55DFA5C854BAEBBF6EF88700F24852AE105AB395DB759C019B90
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0ceafb8b796ade31c343dfab95f28ac1d1a16632ebb70203f04e8d32545b9c4e
                      • Instruction ID: b73adb2e56329c3d98509ac828c5f528fdac28599dda08175f4a3a8f58370ccb
                      • Opcode Fuzzy Hash: 0ceafb8b796ade31c343dfab95f28ac1d1a16632ebb70203f04e8d32545b9c4e
                      • Instruction Fuzzy Hash: D2415F75E006198FEF75CEA9D980AAFF7B2FB84210F10493AE11AD7694D630E9458F90
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f95c8af7b724d7712172a9165e0c52e47f0e8630ecebb55edb4caf62e0d21901
                      • Instruction ID: 52ffeb2d17ad45c6056b3b1d206151d2da76fd28e8387ef45ba81542be236397
                      • Opcode Fuzzy Hash: f95c8af7b724d7712172a9165e0c52e47f0e8630ecebb55edb4caf62e0d21901
                      • Instruction Fuzzy Hash: CF417F30E10719DBEB65DFA5D4447AEBBB2BF85300F20852AD406EB380DB71D94ACB91
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6a2e146320ceafeb88f90a00d2aeae2ffffb558ad630b42648b490c3ae6a068c
                      • Instruction ID: 2d0a5799543cae935194aaf16eb2bb6fabb892a240475381be9c96a610e28ec6
                      • Opcode Fuzzy Hash: 6a2e146320ceafeb88f90a00d2aeae2ffffb558ad630b42648b490c3ae6a068c
                      • Instruction Fuzzy Hash: 39417D70E10759DFEB55DBA4D48479EBBB2BF86300F24852AD405EB380DB74D84ACB91
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f50114523f4c6715457a394a4c9f92018acf096c1870578e388abed802435529
                      • Instruction ID: cda221d6030ca1c905dcc91b1620a485e6f00145578f4bdfc75d5a84253ca93a
                      • Opcode Fuzzy Hash: f50114523f4c6715457a394a4c9f92018acf096c1870578e388abed802435529
                      • Instruction Fuzzy Hash: DA31E030B102518FEB56ABB4D5587AF7BA2AF8A204B24447ED402DB3D2DF75CD06C790
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e2e47f13a2a8da15f1cf3e54eab4ddf996a75a405d050f5360b5f74dd3406a3c
                      • Instruction ID: 01442635c5b325ade8d7b93f95ba83c5b60564243b3b91d42b29054355e0ef21
                      • Opcode Fuzzy Hash: e2e47f13a2a8da15f1cf3e54eab4ddf996a75a405d050f5360b5f74dd3406a3c
                      • Instruction Fuzzy Hash: 6431CD30B102158BEB59ABB4D55876F7BA2BB89204B24843DD406EB3D1DF75CE06CBA1
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c44db0accb46119ab4e521a082cb2f98e069251a38df12443625c65d8d4b1c44
                      • Instruction ID: 87721c104f26efcecd22088c100fa4ba94ef0c784e49a91729096184c8b7edd8
                      • Opcode Fuzzy Hash: c44db0accb46119ab4e521a082cb2f98e069251a38df12443625c65d8d4b1c44
                      • Instruction Fuzzy Hash: F431A635E102199BDB1ACF64D56869FBBF2FF89300F10852AE905EB391DB71AD42CB50
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 13c4af8b6e42af340ea4d9d435e55e240c813b5f8d2502f415646008aad0fd4d
                      • Instruction ID: ed80af129f17cb94056b1fd0f895507a27de8200f776378801cf2cb884471c44
                      • Opcode Fuzzy Hash: 13c4af8b6e42af340ea4d9d435e55e240c813b5f8d2502f415646008aad0fd4d
                      • Instruction Fuzzy Hash: 19316535E106199BDB1ACF64D95869FBBF2FF89300F10852AE905EB390DB71AD41CB50
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e7f69a8db7cbcabc683a8c1d6c4ea28dc95813813be9b501a617f7f17367a1c4
                      • Instruction ID: 5a8dc77915a13360b9c3851ada6a3c1bcc82bed2e833cfbc391d622b29bc0279
                      • Opcode Fuzzy Hash: e7f69a8db7cbcabc683a8c1d6c4ea28dc95813813be9b501a617f7f17367a1c4
                      • Instruction Fuzzy Hash: 55216D76F002199FEB41DF69D980AAEBBF1EB48754F14802AE905E7391E734D841CBA4
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 985108634b30b8a028dcda1e9a915445dac81dfc2ed38855b5d59b086bfe1ca5
                      • Instruction ID: 4ffd22ade9979a303ecf38526a4f3b29db936286926859906269852be0191c89
                      • Opcode Fuzzy Hash: 985108634b30b8a028dcda1e9a915445dac81dfc2ed38855b5d59b086bfe1ca5
                      • Instruction Fuzzy Hash: B9217C75F006259FEB51DF69D980AAEBBF1EB48714F10803AE905E7391E734D8418BA4
                      Memory Dump Source
                      • Source File: 00000002.00000002.3741415141.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_c3d000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 145629b5113748f3d6622d7abbc54e4d1b655b06902001ca1d2573d7aeabcffc
                      • Instruction ID: 6214658fd5514153b174bf4c39abecb2ef4661df35b611cbcf1963ade998711f
                      • Opcode Fuzzy Hash: 145629b5113748f3d6622d7abbc54e4d1b655b06902001ca1d2573d7aeabcffc
                      • Instruction Fuzzy Hash: EC210471514344DFDB18DF20E9C0B26BB65FB84714F24C5ADE84A4B282C736D846CB62
                      Memory Dump Source
                      • Source File: 00000002.00000002.3741415141.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_c3d000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b5016caa9689d475fc311f997769d4651879d6383bbb519c8ba35cfb5413eb11
                      • Instruction ID: 5e0d4d6ceb6fddae2fd6ab351375ad1014222d90b4b7c8e8f888688718390650
                      • Opcode Fuzzy Hash: b5016caa9689d475fc311f997769d4651879d6383bbb519c8ba35cfb5413eb11
                      • Instruction Fuzzy Hash: 9E210571514344DFDB05DF10E9C4B2BBB65FB84324F24C6A9E84A4B242C777DC46CAA2
                      Memory Dump Source
                      • Source File: 00000002.00000002.3741415141.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_c3d000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 43c9c772ae6efada7ac7151ab00d2e8afcbb6540ddce8f82dffeadfa6c5ec34e
                      • Instruction ID: 22c302f488875dc97a98d1dbe962b9d5acc83fef0bf11212987b8ea89343951c
                      • Opcode Fuzzy Hash: 43c9c772ae6efada7ac7151ab00d2e8afcbb6540ddce8f82dffeadfa6c5ec34e
                      • Instruction Fuzzy Hash: C52126B5514344DFDB04DF10E9C0B26BB65FB84314F24C56DE80A4B292C776E846CBA2
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 729e86ac0c8caf442bb8c4cbbb86969ce82b22d2c7cc3b688d64e7ffeb1244ea
                      • Instruction ID: 8f12a98ee931983d1a8f96837aa20399e981b0a0d268864d8eb01e99c02185c6
                      • Opcode Fuzzy Hash: 729e86ac0c8caf442bb8c4cbbb86969ce82b22d2c7cc3b688d64e7ffeb1244ea
                      • Instruction Fuzzy Hash: B0118232B101294FDF569A69D8546AF77EAABC8351F04453AD406E7394EF35DC028B90
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ae79a41ac94d8989c4f35a3bb63e1e013bc23583c914ed5671268e9039b53ff4
                      • Instruction ID: 254effae0a8b0d6b9ad28cdc38fb757b0100ad69b6bef6073d7fab11dabcc386
                      • Opcode Fuzzy Hash: ae79a41ac94d8989c4f35a3bb63e1e013bc23583c914ed5671268e9039b53ff4
                      • Instruction Fuzzy Hash: 2601F131B002204FEB6695BDE51571F67D6CBCA720F10983EE20AC7B82DE71DC024391
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d5f4c02daf6e1b049d5ce5f3ffd37e942b5c5536a921690590abd7a780ca3e41
                      • Instruction ID: dc8699eedae68856152d8867bd519dc73f221da1f81fa9fc1fb63c570b501e5d
                      • Opcode Fuzzy Hash: d5f4c02daf6e1b049d5ce5f3ffd37e942b5c5536a921690590abd7a780ca3e41
                      • Instruction Fuzzy Hash: 8901B535B001100BEB56962C945572BB7E6DBC9720F14893EF50AC7382DA31DC1243D5
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e49de5b9167531ed6422ee210f8a298b392e99151459847a3dc40804b8344a18
                      • Instruction ID: be511787a1d841218f52c9d3a9e0e483a1499e5d5a66856f6b5a70abfe21d2de
                      • Opcode Fuzzy Hash: e49de5b9167531ed6422ee210f8a298b392e99151459847a3dc40804b8344a18
                      • Instruction Fuzzy Hash: F101D233B100254BDF8699AAC8546AB7BAB9BC5620F04403AD406D7390EF21880187D1
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 61abc71856ea4c4731658154ddbeb4ca55c48937c6e7de4a6fd187f3abe7e382
                      • Instruction ID: 193fcb0a41a88d601ec13f00103dace2069ea611bb2e8951a2105ecc0539be29
                      • Opcode Fuzzy Hash: 61abc71856ea4c4731658154ddbeb4ca55c48937c6e7de4a6fd187f3abe7e382
                      • Instruction Fuzzy Hash: E121EBB1C01259AFDB00CF9AD984ADEFFB4FB49320F10812AE918B7240C374A944CBA5
                      Memory Dump Source
                      • Source File: 00000002.00000002.3741415141.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_c3d000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 13ca49e0dbf2e9aadfdf1ca98bc1f242d09976a6448f2b599f30b6482e13893a
                      • Instruction ID: eba19c9c336e07c89002ad68d81ef9d813ab574ebe4466bb2c70561892594e08
                      • Opcode Fuzzy Hash: 13ca49e0dbf2e9aadfdf1ca98bc1f242d09976a6448f2b599f30b6482e13893a
                      • Instruction Fuzzy Hash: C811B275504284CFDB12CF10D5C4B56FB61FB84324F28C6AAD8594B646C33AD94ACB51
                      Memory Dump Source
                      • Source File: 00000002.00000002.3741415141.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_c3d000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d7fc8320e9ffd4f8ec94d9e167b65ccdea872c3a8bd4eb18a3b2cc6050ea0561
                      • Instruction ID: 9d5cc628a42bdc667b10a23efae6c1013f760b4523e00025c832b839e5a4b292
                      • Opcode Fuzzy Hash: d7fc8320e9ffd4f8ec94d9e167b65ccdea872c3a8bd4eb18a3b2cc6050ea0561
                      • Instruction Fuzzy Hash: 25119D75504680DFCB05CF10E5C4B15FBA2FB84318F28C6AAD85A4B656C33AE94ACFA1
                      Memory Dump Source
                      • Source File: 00000002.00000002.3741415141.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_c3d000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d7fc8320e9ffd4f8ec94d9e167b65ccdea872c3a8bd4eb18a3b2cc6050ea0561
                      • Instruction ID: 774d74ad45b1117a155d52fa75faa1182a2381e8773eb6a71e8d72161120b564
                      • Opcode Fuzzy Hash: d7fc8320e9ffd4f8ec94d9e167b65ccdea872c3a8bd4eb18a3b2cc6050ea0561
                      • Instruction Fuzzy Hash: 5F11D075504284CFCB15CF10D9C4B15FB61FB44314F28C6A9D84A4B652C33AD94ACF52
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 86f13b8208e73a80bacf5cb4774584cb69587bbc3ffc6a1b5497d74e42d66023
                      • Instruction ID: d3a10259140589d2aae4cd70e55b769c16f6e4b1ca318903cd716943399e034c
                      • Opcode Fuzzy Hash: 86f13b8208e73a80bacf5cb4774584cb69587bbc3ffc6a1b5497d74e42d66023
                      • Instruction Fuzzy Hash: 5B01F735B102201BEB56A67CE55976B77D1DBCA724F508839E10AC7793DF34EC024781
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e5d7da2e5231a20090f0c7131b5b6a1109edb8375abed12de7702053b195c0aa
                      • Instruction ID: 7d025bad2cc5051a8b1aed9e653966ebc9a442b9315b0686d09c4e9a460345fa
                      • Opcode Fuzzy Hash: e5d7da2e5231a20090f0c7131b5b6a1109edb8375abed12de7702053b195c0aa
                      • Instruction Fuzzy Hash: B611CCB5D01259AFDB00CF9AD984ACEFBB4FB49320F10812AE918A7240D374A944CFA5
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3e923da3c66815e1eec3b09c904cfeccde027ee80faded9c74b5d449c49073d7
                      • Instruction ID: e5b943110b660c0a4e070c159bbe545e4f7923a110cb2bb8a1825875d596c468
                      • Opcode Fuzzy Hash: 3e923da3c66815e1eec3b09c904cfeccde027ee80faded9c74b5d449c49073d7
                      • Instruction Fuzzy Hash: 66018131B101208BEB6695BDE51572FA7DADBCD720F10983EE20AC7B85EE75DC024395
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fc1b21cc35f9a596148d3e3a02caf2bc5ec5d5980002ea724e63dba8027e617b
                      • Instruction ID: f4af5a2bc1cacbea47cca2276999597f346b00419742977f79683dbab8b5e6be
                      • Opcode Fuzzy Hash: fc1b21cc35f9a596148d3e3a02caf2bc5ec5d5980002ea724e63dba8027e617b
                      • Instruction Fuzzy Hash: AB018C31B105241BEB66956CA45872FA7DADBC9720F108C3EF60AC7381EE35DC1243D5
                      Memory Dump Source
                      • Source File: 00000002.00000002.3749183991.0000000006400000.00000040.00000800.00020000.00000000.sdmp, Offset: 06400000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_6400000_RegAsm.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bdb8bd219a129eb6a0afd9dee0a5c14b68e47b9b6bd998e3809e8b54f807f083
                      • Instruction ID: e48e4bf78e292c6664d305f276e751970578841aec09ac34a3e4f259ef91bdd9
                      • Opcode Fuzzy Hash: bdb8bd219a129eb6a0afd9dee0a5c14b68e47b9b6bd998e3809e8b54f807f083
                      • Instruction Fuzzy Hash: BF01D135B102201BEB62A66CE458B2B73D5EBC9714F50883AE50AC7792DF31DC414780
                      Memory Dump Source
                      • Source File: 00000002.00000002.3740359288.0000000000C2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C2D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_c2d000_RegAsm.jbxd