Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
2024.scr.exe

Overview

General Information

Sample name:2024.scr.exe
renamed because original name is a hash value
Original sample name: 02.07.2024.scr.exe
Analysis ID:1466662
MD5:225eafff6079cb1e726bc1ff4255225c
SHA1:8c49f04cb44e11d6d121a10aa2d943f4fdbfd9b6
SHA256:123a6e0ffbf48e1136e15e255e9eed03e7524b1999f4afb480ea59ba9ddf225d
Tags:AgentTeslaexescr
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
.NET source code contains very large array initializations
.NET source code contains very large strings
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to log keystrokes (.Net Source)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Potential key logger detected (key state polling based)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • 2024.scr.exe (PID: 1616 cmdline: "C:\Users\user\Desktop\2024.scr.exe" MD5: 225EAFFF6079CB1E726BC1FF4255225C)
    • powershell.exe (PID: 5724 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\2024.scr.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 5004 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • 2024.scr.exe (PID: 6600 cmdline: "C:\Users\user\Desktop\2024.scr.exe" MD5: 225EAFFF6079CB1E726BC1FF4255225C)
  • Logon32.exe (PID: 2800 cmdline: "C:\Users\user\AppData\Roaming\Logon32\Logon32.exe" MD5: 225EAFFF6079CB1E726BC1FF4255225C)
    • Logon32.exe (PID: 6840 cmdline: "C:\Users\user\AppData\Roaming\Logon32\Logon32.exe" MD5: 225EAFFF6079CB1E726BC1FF4255225C)
  • Logon32.exe (PID: 5976 cmdline: "C:\Users\user\AppData\Roaming\Logon32\Logon32.exe" MD5: 225EAFFF6079CB1E726BC1FF4255225C)
    • Logon32.exe (PID: 5388 cmdline: "C:\Users\user\AppData\Roaming\Logon32\Logon32.exe" MD5: 225EAFFF6079CB1E726BC1FF4255225C)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.yandex.com", "Username": "login112004@yandex.com", "Password": "okmabejemqjzazob"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000008.00000002.4619569539.0000000003635000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000008.00000002.4619569539.0000000003635000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      0000000D.00000002.4618767842.00000000030EC000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        0000000D.00000002.4618767842.00000000030EC000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          00000004.00000002.4619512401.0000000002EBC000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            Click to see the 22 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.2024.scr.exe.376c328.3.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              0.2.2024.scr.exe.376c328.3.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                0.2.2024.scr.exe.376c328.3.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                • 0x329f0:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                • 0x32a62:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                • 0x32aec:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                • 0x32b7e:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                • 0x32be8:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                • 0x32c5a:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                • 0x32cf0:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                • 0x32d80:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                7.2.Logon32.exe.408d238.3.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  7.2.Logon32.exe.408d238.3.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    Click to see the 37 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\2024.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\2024.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\2024.scr.exe", ParentImage: C:\Users\user\Desktop\2024.scr.exe, ParentProcessId: 1616, ParentProcessName: 2024.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\2024.scr.exe", ProcessId: 5724, ProcessName: powershell.exe
                    Sigma detected: CurrentVersion Autorun Keys Modification
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\2024.scr.exe, ProcessId: 6600, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Logon32
                    Sigma detected: Powershell Defender Exclusion
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\2024.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\2024.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\2024.scr.exe", ParentImage: C:\Users\user\Desktop\2024.scr.exe, ParentProcessId: 1616, ParentProcessName: 2024.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\2024.scr.exe", ProcessId: 5724, ProcessName: powershell.exe
                    Sigma detected: Suspicious Outbound SMTP Connections
                    Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 77.88.21.158, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\2024.scr.exe, Initiated: true, ProcessId: 6600, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49718
                    Sigma detected: Non Interactive PowerShell Process Spawned
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\2024.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\2024.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\2024.scr.exe", ParentImage: C:\Users\user\Desktop\2024.scr.exe, ParentProcessId: 1616, ParentProcessName: 2024.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\2024.scr.exe", ProcessId: 5724, ProcessName: powershell.exe

                    Snort Signatures

                    No Snort rule has matched

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 7.2.Logon32.exe.40c9058.2.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.yandex.com", "Username": "login112004@yandex.com", "Password": "okmabejemqjzazob"}
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeReversingLabs: Detection: 60%
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeVirustotal: Detection: 46%Perma Link
                    Multi AV Scanner detection for submitted file
                    Source: 2024.scr.exeReversingLabs: Detection: 60%
                    Source: 2024.scr.exeVirustotal: Detection: 46%Perma Link
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeJoe Sandbox ML: detected
                    Machine Learning detection for sample
                    Source: 2024.scr.exeJoe Sandbox ML: detected
                    Source: 2024.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.6:49714 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.6:49722 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.6:49730 version: TLS 1.2
                    Source: 2024.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: NHFC.pdb source: 2024.scr.exe, Logon32.exe.4.dr
                    Source: Binary string: NHFC.pdbSHA256 source: 2024.scr.exe, Logon32.exe.4.dr
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4x nop then jmp 0CEE33C0h0_2_0CEE2B62

                    Networking

                    barindex
                    Yara detected Generic Downloader
                    Source: Yara matchFile source: 7.2.Logon32.exe.40c9058.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.2024.scr.exe.37a8148.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.Logon32.exe.408d238.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.2024.scr.exe.376c328.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.2.Logon32.exe.3bf64d8.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.2.Logon32.exe.3c322f8.1.raw.unpack, type: UNPACKEDPE
                    Source: global trafficTCP traffic: 192.168.2.6:49718 -> 77.88.21.158:587
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
                    Source: Joe Sandbox ViewIP Address: 77.88.21.158 77.88.21.158
                    Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
                    Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
                    Source: Joe Sandbox ViewASN Name: TUT-ASUS TUT-ASUS
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknownDNS query: name: api.ipify.org
                    Source: unknownDNS query: name: api.ipify.org
                    Source: unknownDNS query: name: api.ipify.org
                    Source: unknownDNS query: name: ip-api.com
                    Source: global trafficTCP traffic: 192.168.2.6:49718 -> 77.88.21.158:587
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                    Source: global trafficDNS traffic detected: DNS query: ip-api.com
                    Source: global trafficDNS traffic detected: DNS query: smtp.yandex.com
                    Source: 2024.scr.exe, Logon32.exe.4.drString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                    Source: 2024.scr.exe, Logon32.exe.4.drString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                    Source: Logon32.exe, 0000000D.00000002.4650633138.0000000006C05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.gl
                    Source: Logon32.exe, 0000000D.00000002.4617751174.000000000146A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.glC
                    Source: Logon32.exe, 00000008.00000002.4654364740.0000000009DFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.glH
                    Source: Logon32.exe, 00000008.00000002.4654364740.0000000009DFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsrsaovsslca201
                    Source: 2024.scr.exe, 00000004.00000002.4662885949.0000000008DF0000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.000000000301A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003210000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4642620209.000000000696E000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.00000000032B5000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002EBC000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.000000000335A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662227654.0000000008DA2000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4613926910.0000000001096000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4640662793.0000000006918000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4610287684.0000000001653000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.0000000003635000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000038B6000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000039B2000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4610287684.000000000162D000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.0000000003A6E000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000037CA000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.0000000003710000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsrsaovsslca2018.crl0j
                    Source: Logon32.exe, 00000008.00000002.4654364740.0000000009DFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/ro
                    Source: 2024.scr.exe, 00000004.00000002.4662885949.0000000008DF0000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.000000000301A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003210000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4642620209.000000000696E000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.00000000032B5000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4663337495.0000000008E44000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4640662793.00000000068C4000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662637580.0000000008DE2000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.000000000335A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662227654.0000000008DA2000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662101959.0000000008D90000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4613926910.0000000001096000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662227654.0000000008DAB000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662420241.0000000008DB8000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4616583342.0000000001125000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4654364740.0000000009DFD000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000038B6000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000039B2000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4610287684.000000000162D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                    Source: 2024.scr.exe, 00000004.00000002.4619512401.000000000301A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003210000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.00000000032B5000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4663337495.0000000008E44000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.000000000335A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662227654.0000000008DA2000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4613926910.0000000001096000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662227654.0000000008DAB000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4616583342.0000000001125000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4642492941.0000000006966000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4610287684.0000000001653000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4654364740.0000000009DFD000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000038B6000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000039B2000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4610287684.000000000162D000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.0000000003A6E000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000037CA000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4654364740.0000000009D74000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4646328283.0000000006E36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root.crl0G
                    Source: Logon32.exe, 00000008.00000002.4619569539.0000000003621000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com
                    Source: 2024.scr.exe, 00000000.00000002.2151973804.000000000376C000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002EA9000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000007.00000002.2291548460.000000000408D000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.0000000003621000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000C.00000002.2370533184.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4618767842.00000000030DA000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4606513178.0000000000436000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=hosting
                    Source: 2024.scr.exe, Logon32.exe.4.drString found in binary or memory: http://ocsp.comodoca.com0
                    Source: 2024.scr.exe, 00000004.00000002.4662885949.0000000008DF0000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.000000000301A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003210000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4642620209.000000000696E000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.00000000032B5000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002EBC000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.000000000335A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662227654.0000000008DA2000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4613926910.0000000001096000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4640662793.0000000006918000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4610287684.0000000001653000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.0000000003635000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4654364740.0000000009DFD000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000038B6000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000039B2000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4610287684.000000000162D000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.0000000003A6E000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000037CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsrsaovsslca20180V
                    Source: 2024.scr.exe, 00000004.00000002.4619512401.000000000301A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003210000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.00000000032B5000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4663337495.0000000008E44000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.000000000335A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662227654.0000000008DA2000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4613926910.0000000001096000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662227654.0000000008DAB000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4616583342.0000000001125000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4642492941.0000000006966000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4610287684.0000000001653000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4654364740.0000000009DFD000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000038B6000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000039B2000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4610287684.000000000162D000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.0000000003A6E000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000037CA000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4654364740.0000000009D74000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4646328283.0000000006E36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr103
                    Source: 2024.scr.exe, 00000004.00000002.4619512401.000000000301A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003210000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4642620209.000000000696E000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.00000000032B5000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4663337495.0000000008E44000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4640662793.00000000068C4000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662637580.0000000008DE2000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.000000000335A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662227654.0000000008DA2000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662101959.0000000008D90000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4613926910.0000000001096000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662227654.0000000008DAB000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662420241.0000000008DB8000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4616583342.0000000001125000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4654364740.0000000009DFD000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000038B6000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000039B2000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4610287684.000000000162D000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.0000000003A6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                    Source: 2024.scr.exe, 00000000.00000002.2149694869.00000000026D1000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002E61000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000007.00000002.2290264143.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000035DC000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000C.00000002.2368962846.0000000002B61000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4618767842.0000000003091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: Logon32.exe, 00000008.00000002.4654364740.0000000009DFD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globals
                    Source: 2024.scr.exe, 00000004.00000002.4662885949.0000000008DF0000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.000000000301A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003210000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4642620209.000000000696E000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.00000000032B5000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002EBC000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.000000000335A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662227654.0000000008DA2000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4613926910.0000000001096000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4640662793.0000000006918000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4610287684.0000000001653000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.0000000003635000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4654364740.0000000009DFD000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000038B6000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000039B2000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4610287684.000000000162D000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.0000000003A6E000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000037CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt07
                    Source: 2024.scr.exe, 00000004.00000002.4619512401.000000000301A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003210000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.00000000032B5000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.000000000335A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000038B6000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000039B2000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.0000000003A6E000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000037CA000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.0000000003AFD000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4618767842.00000000032F3000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4618767842.000000000351E000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4618767842.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4618767842.0000000003285000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4618767842.0000000003470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://smtp.yandex.com
                    Source: 2024.scr.exe, 00000000.00000002.2151973804.000000000376C000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000007.00000002.2291548460.000000000408D000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4606483349.0000000000437000.00000040.00000400.00020000.00000000.sdmp, Logon32.exe, 0000000C.00000002.2370533184.0000000003BF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                    Source: 2024.scr.exe, 00000000.00000002.2151973804.000000000376C000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4605586625.0000000000435000.00000040.00000400.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002E61000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000007.00000002.2291548460.000000000408D000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000035DC000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000C.00000002.2370533184.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4618767842.0000000003091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                    Source: Logon32.exe, 00000008.00000002.4619569539.00000000035DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                    Source: Logon32.exe, 00000008.00000002.4619569539.00000000035DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                    Source: 2024.scr.exe, Logon32.exe.4.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                    Source: Logon32.exe, 00000008.00000002.4610287684.000000000162D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repos
                    Source: 2024.scr.exe, 00000004.00000002.4662885949.0000000008DF0000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.000000000301A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003210000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4642620209.000000000696E000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.00000000032B5000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4663337495.0000000008E44000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002F2D000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4640662793.00000000068C4000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662637580.0000000008DE2000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002EBC000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.000000000335A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662227654.0000000008DA2000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662101959.0000000008D90000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4613926910.0000000001096000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662227654.0000000008DAB000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4662420241.0000000008DB8000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4640662793.0000000006918000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4616583342.0000000001125000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4642492941.0000000006966000.00000004.00000020.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003190000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                    Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.6:49714 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.6:49722 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.6:49730 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    barindex
                    Contains functionality to log keystrokes (.Net Source)
                    Source: 0.2.2024.scr.exe.37a8148.2.raw.unpack, R1W.cs.Net Code: OG9vqkCc
                    Source: 0.2.2024.scr.exe.376c328.3.raw.unpack, R1W.cs.Net Code: OG9vqkCc
                    Installs a global keyboard hook
                    Source: C:\Users\user\Desktop\2024.scr.exeWindows user hook set: 0 keyboard low level C:\Users\user\Desktop\2024.scr.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWindows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\Logon32\Logon32.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWindows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\Logon32\Logon32.exe
                    Source: C:\Users\user\Desktop\2024.scr.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWindow created: window name: CLIPBRDWNDCLASS
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_06DD8D59 GetKeyState,GetKeyState,GetKeyState,4_2_06DD8D59
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_06DD8D68 GetKeyState,GetKeyState,GetKeyState,4_2_06DD8D68

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 0.2.2024.scr.exe.376c328.3.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 7.2.Logon32.exe.408d238.3.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 12.2.Logon32.exe.3bf64d8.3.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 12.2.Logon32.exe.3c322f8.1.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 7.2.Logon32.exe.40c9058.2.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.2024.scr.exe.37a8148.2.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 7.2.Logon32.exe.40c9058.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.2024.scr.exe.37a8148.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 7.2.Logon32.exe.408d238.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.2024.scr.exe.376c328.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 12.2.Logon32.exe.3bf64d8.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 12.2.Logon32.exe.3c322f8.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    .NET source code contains very large array initializations
                    Source: 0.2.2024.scr.exe.7330000.4.raw.unpack, -Module-.csLarge array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
                    .NET source code contains very large strings
                    Source: 2024.scr.exe, frm_login.csLong String: Length: 97210
                    Source: Logon32.exe.4.dr, frm_login.csLong String: Length: 97210
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_00D6D5BC0_2_00D6D5BC
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C325480_2_05C32548
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C3F5100_2_05C3F510
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C325380_2_05C32538
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C367180_2_05C36718
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C367280_2_05C36728
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C326DB0_2_05C326DB
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C361680_2_05C36168
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C361780_2_05C36178
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C34CAB0_2_05C34CAB
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C36F800_2_05C36F80
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C36F880_2_05C36F88
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C32E7B0_2_05C32E7B
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C309E80_2_05C309E8
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C309F80_2_05C309F8
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C3F9480_2_05C3F948
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_0CEE4B700_2_0CEE4B70
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_02CA42484_2_02CA4248
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_02CAC2084_2_02CAC208
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_02CAF5504_2_02CAF550
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_02CABA384_2_02CABA38
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_02CA4B184_2_02CA4B18
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_02CA3F004_2_02CA3F00
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_06D667804_2_06D66780
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_06D6B3B84_2_06D6B3B8
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_06D653584_2_06D65358
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_06D6C3084_2_06D6C308
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_06D67F084_2_06D67F08
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_06D624184_2_06D62418
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_06D65A784_2_06D65A78
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_06D600404_2_06D60040
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_06D678284_2_06D67828
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_06D6E5284_2_06D6E528
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_06DD67784_2_06DD6778
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_06DDE8C04_2_06DDE8C0
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_06DDE8B04_2_06DDE8B0
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_06DD12F04_2_06DD12F0
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_06D600114_2_06D60011
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 7_2_016BD5BC7_2_016BD5BC
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 7_2_05506C007_2_05506C00
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 7_2_055000407_2_05500040
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 7_2_055000067_2_05500006
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 7_2_05506BF07_2_05506BF0
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 7_2_0D2548387_2_0D254838
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_01B142488_2_01B14248
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_01B1F6288_2_01B1F628
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_01B14B188_2_01B14B18
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_01B1BC008_2_01B1BC00
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_01B13F008_2_01B13F00
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_01B1EF488_2_01B1EF48
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_073174208_2_07317420
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_073124188_2_07312418
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_0731C3108_2_0731C310
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_07317B008_2_07317B00
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_073163788_2_07316378
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_073153588_2_07315358
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_0731B3C08_2_0731B3C0
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_07315A788_2_07315A78
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_0731E5308_2_0731E530
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_073100408_2_07310040
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_073100078_2_07310007
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 12_2_029CD5BC12_2_029CD5BC
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0138424813_2_01384248
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0138F62813_2_0138F628
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_01384B1813_2_01384B18
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0138BCC013_2_0138BCC0
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_01383F0013_2_01383F00
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0138EF4813_2_0138EF48
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_07047B0013_2_07047B00
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0704C31013_2_0704C310
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0704535813_2_07045358
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0704637813_2_07046378
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0704B3C013_2_0704B3C0
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0704241813_2_07042418
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_07045A7813_2_07045A78
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0704E53013_2_0704E530
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0704742013_2_07047420
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0704004013_2_07040040
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0704000613_2_07040006
                    Source: 2024.scr.exeStatic PE information: invalid certificate
                    Source: 2024.scr.exe, 00000000.00000000.2132045205.0000000000386000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameNHFC.exe vs 2024.scr.exe
                    Source: 2024.scr.exe, 00000000.00000002.2151973804.0000000004141000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs 2024.scr.exe
                    Source: 2024.scr.exe, 00000000.00000002.2157916793.0000000007330000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRT.dll. vs 2024.scr.exe
                    Source: 2024.scr.exe, 00000000.00000002.2158432216.000000000D1C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs 2024.scr.exe
                    Source: 2024.scr.exe, 00000000.00000002.2148166248.00000000007AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs 2024.scr.exe
                    Source: 2024.scr.exe, 00000000.00000002.2149694869.00000000026D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename3a9f97cf-06b5-46de-807e-132d396f6890.exe4 vs 2024.scr.exe
                    Source: 2024.scr.exe, 00000000.00000002.2151973804.000000000376C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename3a9f97cf-06b5-46de-807e-132d396f6890.exe4 vs 2024.scr.exe
                    Source: 2024.scr.exe, 00000004.00000002.4609545898.0000000000EF9000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs 2024.scr.exe
                    Source: 2024.scr.exeBinary or memory string: OriginalFilenameNHFC.exe vs 2024.scr.exe
                    Source: 2024.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.2024.scr.exe.376c328.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 7.2.Logon32.exe.408d238.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 12.2.Logon32.exe.3bf64d8.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 12.2.Logon32.exe.3c322f8.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 7.2.Logon32.exe.40c9058.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.2024.scr.exe.37a8148.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 7.2.Logon32.exe.40c9058.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.2024.scr.exe.37a8148.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 7.2.Logon32.exe.408d238.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.2024.scr.exe.376c328.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 12.2.Logon32.exe.3bf64d8.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 12.2.Logon32.exe.3c322f8.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.2024.scr.exe.37a8148.2.raw.unpack, KLhJmaON.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.2024.scr.exe.37a8148.2.raw.unpack, KLhJmaON.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.2024.scr.exe.37a8148.2.raw.unpack, 7hO8luD.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.2024.scr.exe.37a8148.2.raw.unpack, 7hO8luD.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.2024.scr.exe.37a8148.2.raw.unpack, 7hO8luD.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.2024.scr.exe.37a8148.2.raw.unpack, 7hO8luD.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.2024.scr.exe.37a8148.2.raw.unpack, 9HIFdl.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.2024.scr.exe.37a8148.2.raw.unpack, 9HIFdl.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, VPlKcbLToBHBxlelgM.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, VPlKcbLToBHBxlelgM.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, VPlKcbLToBHBxlelgM.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, tjMRaMqUNgRe9WpmIG.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, tjMRaMqUNgRe9WpmIG.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, tjMRaMqUNgRe9WpmIG.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, tjMRaMqUNgRe9WpmIG.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, tjMRaMqUNgRe9WpmIG.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, tjMRaMqUNgRe9WpmIG.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, tjMRaMqUNgRe9WpmIG.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, tjMRaMqUNgRe9WpmIG.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, tjMRaMqUNgRe9WpmIG.csSecurity API names: _0020.AddAccessRule
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@13/9@3/3
                    Source: C:\Users\user\Desktop\2024.scr.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\2024.scr.exe.logJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMutant created: NULL
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMutant created: \Sessions\1\BaseNamedObjects\QutOHovbqbDvoDHueoc
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5964:120:WilError_03
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nihp0rjw.rop.ps1Jump to behavior
                    Source: 2024.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 2024.scr.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: 2024.scr.exe, 00000000.00000000.2131957372.0000000000292000.00000002.00000001.01000000.00000003.sdmp, Logon32.exe.4.drBinary or memory string: INSERT INTO tab_grade (gId, gName) VALUES(NULL, @gName);SELECT @@IDENTITY# Add successfullyInfo%Add unsuccessfully-Grade name not changed
                    Source: 2024.scr.exeReversingLabs: Detection: 60%
                    Source: 2024.scr.exeVirustotal: Detection: 46%
                    Source: C:\Users\user\Desktop\2024.scr.exeFile read: C:\Users\user\Desktop\2024.scr.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\2024.scr.exe "C:\Users\user\Desktop\2024.scr.exe"
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\2024.scr.exe"
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess created: C:\Users\user\Desktop\2024.scr.exe "C:\Users\user\Desktop\2024.scr.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe "C:\Users\user\AppData\Roaming\Logon32\Logon32.exe"
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess created: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe "C:\Users\user\AppData\Roaming\Logon32\Logon32.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe "C:\Users\user\AppData\Roaming\Logon32\Logon32.exe"
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess created: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe "C:\Users\user\AppData\Roaming\Logon32\Logon32.exe"
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\2024.scr.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess created: C:\Users\user\Desktop\2024.scr.exe "C:\Users\user\Desktop\2024.scr.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess created: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe "C:\Users\user\AppData\Roaming\Logon32\Logon32.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess created: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe "C:\Users\user\AppData\Roaming\Logon32\Logon32.exe"
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: dwrite.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: vaultcli.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\Desktop\2024.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\2024.scr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                    Source: 2024.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: 2024.scr.exeStatic file information: File size 1050120 > 1048576
                    Source: 2024.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: 2024.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: NHFC.pdb source: 2024.scr.exe, Logon32.exe.4.dr
                    Source: Binary string: NHFC.pdbSHA256 source: 2024.scr.exe, Logon32.exe.4.dr

                    Data Obfuscation

                    barindex
                    .NET source code contains potential unpacker
                    Source: 2024.scr.exe, frm_login.cs.Net Code: InitializeComponent
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, tjMRaMqUNgRe9WpmIG.cs.Net Code: TSIwOjnVyb System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, tjMRaMqUNgRe9WpmIG.cs.Net Code: TSIwOjnVyb System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.2024.scr.exe.7330000.4.raw.unpack, -Module-.cs.Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.2024.scr.exe.7330000.4.raw.unpack, PingPong.cs.Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, tjMRaMqUNgRe9WpmIG.cs.Net Code: TSIwOjnVyb System.Reflection.Assembly.Load(byte[])
                    Source: Logon32.exe.4.dr, frm_login.cs.Net Code: InitializeComponent
                    Source: 2024.scr.exeStatic PE information: 0xCB13C7CD [Sat Dec 18 16:39:41 2077 UTC]
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_00D6F110 pushad ; iretd 0_2_00D6F111
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C3057B push es; ret 0_2_05C30588
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C313AF push cs; ret 0_2_05C313BE
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C30C01 push 8BBCEB50h; ret 0_2_05C30C07
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 0_2_05C34C38 push esp; retf 0_2_05C34C39
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_02CA0C45 push ebx; retf 4_2_02CA0C52
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_02CA0C53 push ebx; retf 4_2_02CA0C52
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_02CA0C77 push edi; retf 4_2_02CA0C7A
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 7_2_016BF110 pushad ; iretd 7_2_016BF111
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_01B10CCC push edi; retf 8_2_01B10C7A
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 8_2_01B10C45 push ebx; retf 8_2_01B10C52
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 12_2_029CF110 pushad ; iretd 12_2_029CF111
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0138B1D8 push esp; ret 13_2_0138B1EB
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0138B1D8 push edi; ret 13_2_0138B232
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0138B3FA push edx; ret 13_2_0138B3FB
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0138B40A push edx; ret 13_2_0138B40B
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_0138B402 push edx; ret 13_2_0138B403
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_01380C45 push ebx; retf 13_2_01380C52
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeCode function: 13_2_01380CCB push edi; retf 13_2_01380C7A
                    Source: 2024.scr.exeStatic PE information: section name: .text entropy: 7.15649036202405
                    Source: Logon32.exe.4.drStatic PE information: section name: .text entropy: 7.15649036202405
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, PdaNmxR14wxNoQHg0Q.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'w026oIgcpW', 'ksH6SPxFuv', 'mNm6zkjf6l', 'HRcBk8f91s', 'jGXBqTdHNk', 'yjdB6711VH', 'gd4BB49Q0G', 'CULebSIbTHoqDw1ZeqT'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, tjMRaMqUNgRe9WpmIG.csHigh entropy of concatenated method names: 'dYqBXGNQTa', 'NtAB2MW02X', 'PfWBjhXpOF', 'qbhBd4CYBt', 'u7PBJZY8RJ', 'F4vBZ4knkB', 'Jb5BNqn3CA', 'AofBcIE1cA', 'hh7BQZfaJ6', 'Na2BhiBYC7'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, HWJqbBQJaepfeBU9j9.csHigh entropy of concatenated method names: 'MfSW2FOwXi', 'afDWj9MCUe', 'IC4Wdq0r2h', 'Ba6WJE4o4Y', 'ANNWZnte4C', 'rwAWNnHJM6', 'Jm4WckklQO', 'XaaWQDgoG8', 'pWlWhfBDbs', 'mibWx90Bus'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, KQvgLRfV2U5IDS3PNw.csHigh entropy of concatenated method names: 'WnYqN9kdc5', 'Hd7qcRchTi', 'k8Mqh4B8ys', 'P7CqxPiksB', 'ciAq84VHYF', 'vxEqsIrcBR', 'cuG5lTLWJh2IofWJdj', 'fpuiaaYLSH3ChZ99T6', 'Y8kqqhIZjJ', 'FTDqBVVrdQ'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, YaMI77kNuj3RqKpdaF.csHigh entropy of concatenated method names: 'FtpLlgU1ni', 'B6fLSoJ3Ex', 'WSkWkCIHiU', 'XPcWqWkmh1', 'tX5LgDGnVk', 'nKSLfRcpPt', 'k96LMTi1DY', 'PANLiBvJpZ', 'GDgLn20DJq', 'i7XLudW9jj'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, lSVdsY1w08s4XML2xH.csHigh entropy of concatenated method names: 'Mq8Lh2KVGl', 'HdnLxrnGPy', 'ToString', 'wBfL2aRiUu', 'N6rLjcumjE', 'qsKLdGAYjI', 'Lu6LJM6gsD', 'B2FLZVH4Gp', 'lY5LNUdnl3', 'uhFLcVWcqJ'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, TFj1yMvJcKjcjV6whV.csHigh entropy of concatenated method names: 'p61JK4yrx4', 'JcAJr2KBh3', 'JFedvCYiQL', 'QtZd0NoPYL', 'MiKdyUXecY', 'bZWdAQTl2t', 'qSwdm40BYA', 'BZ4d1R41XJ', 'sQEdHQfXJW', 'cj7dPSkp2o'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, LGXVgugFgrrHxRD9XL.csHigh entropy of concatenated method names: 'KggZXL29iX', 'FETZjJLpWN', 'IWuZJ0WQwU', 'XkwZNlyh5e', 'xjsZcB5S1R', 'HDcJGTjVvZ', 'CvdJIOmCYu', 'XttJ3CNHIa', 'hZiJlsBBbd', 'iLYJo5MQvu'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, rp7Oudo7Ep3QqZOaYu.csHigh entropy of concatenated method names: 'wxC8PHSh1O', 'C7A8fQoAVs', 'HwF8iqGVUB', 'UAy8n1pfsy', 'tNp8UY2FLB', 'AgZ8vMjn1p', 'AmS80pcBvq', 'vXu8yPIfPa', 'vS88A8SQO6', 'HLZ8mO5Zqo'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, VPlKcbLToBHBxlelgM.csHigh entropy of concatenated method names: 'WdhjilP1px', 'd8Ujnvm8kk', 'veIjubDRcj', 'al7jRgKoxU', 'rRFjGQyf7s', 'rNKjI1VavL', 'iYMj38BDBP', 'eXPjlCYvdQ', 'yIYjoobB8r', 'ynojSfAHUx'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, wbQuSfBCsYHY5UauQk.csHigh entropy of concatenated method names: 'wnZN7PXxtA', 'oq7NCGuH7A', 'D52NOQpicC', 'NSENtPopwj', 'U2kNKRYHfn', 'bNZNaPxhDs', 'ttfNrd3LTu', 'AG0NFh4Nqk', 'twhNTYTe6g', 'LYTNEi9QCm'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, aIk48C44WUZwHG8nmpm.csHigh entropy of concatenated method names: 'ToString', 'MwNpBqREAl', 'EafpwQKn9e', 'fQwpXPICBU', 'o63p2vup5d', 'K7MpjsiuRd', 'uiZpdVn4Ii', 'iwSpJ2rM7Z', 'Y23TkleYbOPxRdNxu2x', 'cZVNyBe504U6ZZOA2I6'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, pEZU9mp6OKuJ04plKi.csHigh entropy of concatenated method names: 'c4IO5vHrU', 'qv3tnYTge', 'IgWaaPfbu', 'TFtrLSJ8G', 'GLmTt29YE', 'Vn7EquCaB', 'AgGKN5r6bdgpkq5Ti9', 'E83SxRBi5hkW1F0xlK', 'xxYWuS6qW', 'x7ApAhcOg'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, I9kZpxcJmYVHYi37Ig.csHigh entropy of concatenated method names: 'Dispose', 'SJDqoZXiYr', 'OTj6UJSuqZ', 'gqPbbBSvEY', 'qEeqS5kyGE', 'HCRqzKHSaN', 'ProcessDialogKey', 'MVh6kjim9m', 'jCX6qY0vXr', 'zri663QGJk'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, Cc8SKF4aH6lbinOxlUK.csHigh entropy of concatenated method names: 'SKpY78Glxe', 'keUYCSjeAv', 'Ck0YOMiSgY', 'V0jYtNq8bh', 'ubQYK7WA3i', 'PawYakXeGn', 'sqBYrFSk44', 'kWMYFSNTLx', 'DhOYTuSQ4n', 'jQKYErugVT'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, RDrDFL5tLvfj24Cqd1.csHigh entropy of concatenated method names: 'ToString', 'VIksgMS5jt', 'yWrsUEMKok', 'Ov4svftglf', 'V08s0CgwF4', 'tchsy2bB0b', 'rymsAVJoKf', 'zJysm2HpVZ', 'g75s1wNT7T', 'QkssHppS4g'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, pblqtHzhNUeEgJYgWp.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'DwkYD4XXoO', 'Fu5Y8xYwiv', 'b8cYsq1i7Z', 'nyjYLBZNkF', 'hPgYWyMNmp', 'vq7YY5bWus', 'k8jYpiWHcu'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, iaRI8s8T3dZ2SMq7cO.csHigh entropy of concatenated method names: 'U8HdtVmkht', 'afvdaJuQKj', 'RjcdFFULaG', 'IjMdTiABpg', 'xvod84ZF5E', 'WTUdsAbu7d', 'dJGdLW52sq', 'SSxdWaLIjV', 'g1OdYhRlPA', 'KKLdpYuXQp'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, G8JwKlSNVrZNuTXF2J.csHigh entropy of concatenated method names: 'SxhN2qPM8D', 'vVWNdO3KpB', 'tFKNZkR20Q', 'Mx1ZSsqTwf', 'puRZzIZg3P', 'u00Nk0qXDG', 'IhvNqIst7w', 'YAiN6aOBPb', 'crJNBdMQvy', 'kowNwlE3l4'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, uMdep3CHbwPS2ta1OS.csHigh entropy of concatenated method names: 'NbbDFgl8AA', 'vkvDT4Bn4p', 'LOjDVwVNPC', 'tZdDUOJxgn', 'zGAD0XQNwA', 'd5fDyonsoR', 'kSMDmcdWTD', 'rmvD1tP0jP', 'qIODPe2UBb', 'kYoDghuyr1'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, j4KJillMeRt8tqUSTa.csHigh entropy of concatenated method names: 'X0hWVhq0su', 'S25WUBPsLK', 'vLIWvPR2Y1', 'cpEW0U8AWA', 'mt7WiFblfO', 'prOWy2ojOe', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, tK2mqU4UvXC7JjjU3FG.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'e5VpiQal0U', 'Nlrpna65m6', 'Yxopufui9k', 'VsKpRr3SVm', 'l5IpGLnpbN', 'SeQpI7f3OF', 'BbOp3K2gpX'
                    Source: 0.2.2024.scr.exe.43c9ab8.1.raw.unpack, y9xoMvV8BnB1AU7EUF.csHigh entropy of concatenated method names: 'ViaYqpkdd7', 'qCoYB1c2oY', 'L4yYwZhkKy', 'M04Y2UlZJm', 'zZcYjs5MkJ', 'krxYJ4v8yu', 'k0gYZiogD1', 'dUyW3hJCgt', 'oEVWliwwEZ', 'WAwWoqfaEE'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, PdaNmxR14wxNoQHg0Q.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'w026oIgcpW', 'ksH6SPxFuv', 'mNm6zkjf6l', 'HRcBk8f91s', 'jGXBqTdHNk', 'yjdB6711VH', 'gd4BB49Q0G', 'CULebSIbTHoqDw1ZeqT'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, tjMRaMqUNgRe9WpmIG.csHigh entropy of concatenated method names: 'dYqBXGNQTa', 'NtAB2MW02X', 'PfWBjhXpOF', 'qbhBd4CYBt', 'u7PBJZY8RJ', 'F4vBZ4knkB', 'Jb5BNqn3CA', 'AofBcIE1cA', 'hh7BQZfaJ6', 'Na2BhiBYC7'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, HWJqbBQJaepfeBU9j9.csHigh entropy of concatenated method names: 'MfSW2FOwXi', 'afDWj9MCUe', 'IC4Wdq0r2h', 'Ba6WJE4o4Y', 'ANNWZnte4C', 'rwAWNnHJM6', 'Jm4WckklQO', 'XaaWQDgoG8', 'pWlWhfBDbs', 'mibWx90Bus'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, KQvgLRfV2U5IDS3PNw.csHigh entropy of concatenated method names: 'WnYqN9kdc5', 'Hd7qcRchTi', 'k8Mqh4B8ys', 'P7CqxPiksB', 'ciAq84VHYF', 'vxEqsIrcBR', 'cuG5lTLWJh2IofWJdj', 'fpuiaaYLSH3ChZ99T6', 'Y8kqqhIZjJ', 'FTDqBVVrdQ'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, YaMI77kNuj3RqKpdaF.csHigh entropy of concatenated method names: 'FtpLlgU1ni', 'B6fLSoJ3Ex', 'WSkWkCIHiU', 'XPcWqWkmh1', 'tX5LgDGnVk', 'nKSLfRcpPt', 'k96LMTi1DY', 'PANLiBvJpZ', 'GDgLn20DJq', 'i7XLudW9jj'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, lSVdsY1w08s4XML2xH.csHigh entropy of concatenated method names: 'Mq8Lh2KVGl', 'HdnLxrnGPy', 'ToString', 'wBfL2aRiUu', 'N6rLjcumjE', 'qsKLdGAYjI', 'Lu6LJM6gsD', 'B2FLZVH4Gp', 'lY5LNUdnl3', 'uhFLcVWcqJ'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, TFj1yMvJcKjcjV6whV.csHigh entropy of concatenated method names: 'p61JK4yrx4', 'JcAJr2KBh3', 'JFedvCYiQL', 'QtZd0NoPYL', 'MiKdyUXecY', 'bZWdAQTl2t', 'qSwdm40BYA', 'BZ4d1R41XJ', 'sQEdHQfXJW', 'cj7dPSkp2o'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, LGXVgugFgrrHxRD9XL.csHigh entropy of concatenated method names: 'KggZXL29iX', 'FETZjJLpWN', 'IWuZJ0WQwU', 'XkwZNlyh5e', 'xjsZcB5S1R', 'HDcJGTjVvZ', 'CvdJIOmCYu', 'XttJ3CNHIa', 'hZiJlsBBbd', 'iLYJo5MQvu'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, rp7Oudo7Ep3QqZOaYu.csHigh entropy of concatenated method names: 'wxC8PHSh1O', 'C7A8fQoAVs', 'HwF8iqGVUB', 'UAy8n1pfsy', 'tNp8UY2FLB', 'AgZ8vMjn1p', 'AmS80pcBvq', 'vXu8yPIfPa', 'vS88A8SQO6', 'HLZ8mO5Zqo'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, VPlKcbLToBHBxlelgM.csHigh entropy of concatenated method names: 'WdhjilP1px', 'd8Ujnvm8kk', 'veIjubDRcj', 'al7jRgKoxU', 'rRFjGQyf7s', 'rNKjI1VavL', 'iYMj38BDBP', 'eXPjlCYvdQ', 'yIYjoobB8r', 'ynojSfAHUx'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, wbQuSfBCsYHY5UauQk.csHigh entropy of concatenated method names: 'wnZN7PXxtA', 'oq7NCGuH7A', 'D52NOQpicC', 'NSENtPopwj', 'U2kNKRYHfn', 'bNZNaPxhDs', 'ttfNrd3LTu', 'AG0NFh4Nqk', 'twhNTYTe6g', 'LYTNEi9QCm'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, aIk48C44WUZwHG8nmpm.csHigh entropy of concatenated method names: 'ToString', 'MwNpBqREAl', 'EafpwQKn9e', 'fQwpXPICBU', 'o63p2vup5d', 'K7MpjsiuRd', 'uiZpdVn4Ii', 'iwSpJ2rM7Z', 'Y23TkleYbOPxRdNxu2x', 'cZVNyBe504U6ZZOA2I6'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, pEZU9mp6OKuJ04plKi.csHigh entropy of concatenated method names: 'c4IO5vHrU', 'qv3tnYTge', 'IgWaaPfbu', 'TFtrLSJ8G', 'GLmTt29YE', 'Vn7EquCaB', 'AgGKN5r6bdgpkq5Ti9', 'E83SxRBi5hkW1F0xlK', 'xxYWuS6qW', 'x7ApAhcOg'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, I9kZpxcJmYVHYi37Ig.csHigh entropy of concatenated method names: 'Dispose', 'SJDqoZXiYr', 'OTj6UJSuqZ', 'gqPbbBSvEY', 'qEeqS5kyGE', 'HCRqzKHSaN', 'ProcessDialogKey', 'MVh6kjim9m', 'jCX6qY0vXr', 'zri663QGJk'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, Cc8SKF4aH6lbinOxlUK.csHigh entropy of concatenated method names: 'SKpY78Glxe', 'keUYCSjeAv', 'Ck0YOMiSgY', 'V0jYtNq8bh', 'ubQYK7WA3i', 'PawYakXeGn', 'sqBYrFSk44', 'kWMYFSNTLx', 'DhOYTuSQ4n', 'jQKYErugVT'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, RDrDFL5tLvfj24Cqd1.csHigh entropy of concatenated method names: 'ToString', 'VIksgMS5jt', 'yWrsUEMKok', 'Ov4svftglf', 'V08s0CgwF4', 'tchsy2bB0b', 'rymsAVJoKf', 'zJysm2HpVZ', 'g75s1wNT7T', 'QkssHppS4g'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, pblqtHzhNUeEgJYgWp.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'DwkYD4XXoO', 'Fu5Y8xYwiv', 'b8cYsq1i7Z', 'nyjYLBZNkF', 'hPgYWyMNmp', 'vq7YY5bWus', 'k8jYpiWHcu'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, iaRI8s8T3dZ2SMq7cO.csHigh entropy of concatenated method names: 'U8HdtVmkht', 'afvdaJuQKj', 'RjcdFFULaG', 'IjMdTiABpg', 'xvod84ZF5E', 'WTUdsAbu7d', 'dJGdLW52sq', 'SSxdWaLIjV', 'g1OdYhRlPA', 'KKLdpYuXQp'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, G8JwKlSNVrZNuTXF2J.csHigh entropy of concatenated method names: 'SxhN2qPM8D', 'vVWNdO3KpB', 'tFKNZkR20Q', 'Mx1ZSsqTwf', 'puRZzIZg3P', 'u00Nk0qXDG', 'IhvNqIst7w', 'YAiN6aOBPb', 'crJNBdMQvy', 'kowNwlE3l4'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, uMdep3CHbwPS2ta1OS.csHigh entropy of concatenated method names: 'NbbDFgl8AA', 'vkvDT4Bn4p', 'LOjDVwVNPC', 'tZdDUOJxgn', 'zGAD0XQNwA', 'd5fDyonsoR', 'kSMDmcdWTD', 'rmvD1tP0jP', 'qIODPe2UBb', 'kYoDghuyr1'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, j4KJillMeRt8tqUSTa.csHigh entropy of concatenated method names: 'X0hWVhq0su', 'S25WUBPsLK', 'vLIWvPR2Y1', 'cpEW0U8AWA', 'mt7WiFblfO', 'prOWy2ojOe', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, tK2mqU4UvXC7JjjU3FG.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'e5VpiQal0U', 'Nlrpna65m6', 'Yxopufui9k', 'VsKpRr3SVm', 'l5IpGLnpbN', 'SeQpI7f3OF', 'BbOp3K2gpX'
                    Source: 0.2.2024.scr.exe.d1c0000.7.raw.unpack, y9xoMvV8BnB1AU7EUF.csHigh entropy of concatenated method names: 'ViaYqpkdd7', 'qCoYB1c2oY', 'L4yYwZhkKy', 'M04Y2UlZJm', 'zZcYjs5MkJ', 'krxYJ4v8yu', 'k0gYZiogD1', 'dUyW3hJCgt', 'oEVWliwwEZ', 'WAwWoqfaEE'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, PdaNmxR14wxNoQHg0Q.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'w026oIgcpW', 'ksH6SPxFuv', 'mNm6zkjf6l', 'HRcBk8f91s', 'jGXBqTdHNk', 'yjdB6711VH', 'gd4BB49Q0G', 'CULebSIbTHoqDw1ZeqT'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, tjMRaMqUNgRe9WpmIG.csHigh entropy of concatenated method names: 'dYqBXGNQTa', 'NtAB2MW02X', 'PfWBjhXpOF', 'qbhBd4CYBt', 'u7PBJZY8RJ', 'F4vBZ4knkB', 'Jb5BNqn3CA', 'AofBcIE1cA', 'hh7BQZfaJ6', 'Na2BhiBYC7'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, HWJqbBQJaepfeBU9j9.csHigh entropy of concatenated method names: 'MfSW2FOwXi', 'afDWj9MCUe', 'IC4Wdq0r2h', 'Ba6WJE4o4Y', 'ANNWZnte4C', 'rwAWNnHJM6', 'Jm4WckklQO', 'XaaWQDgoG8', 'pWlWhfBDbs', 'mibWx90Bus'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, KQvgLRfV2U5IDS3PNw.csHigh entropy of concatenated method names: 'WnYqN9kdc5', 'Hd7qcRchTi', 'k8Mqh4B8ys', 'P7CqxPiksB', 'ciAq84VHYF', 'vxEqsIrcBR', 'cuG5lTLWJh2IofWJdj', 'fpuiaaYLSH3ChZ99T6', 'Y8kqqhIZjJ', 'FTDqBVVrdQ'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, YaMI77kNuj3RqKpdaF.csHigh entropy of concatenated method names: 'FtpLlgU1ni', 'B6fLSoJ3Ex', 'WSkWkCIHiU', 'XPcWqWkmh1', 'tX5LgDGnVk', 'nKSLfRcpPt', 'k96LMTi1DY', 'PANLiBvJpZ', 'GDgLn20DJq', 'i7XLudW9jj'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, lSVdsY1w08s4XML2xH.csHigh entropy of concatenated method names: 'Mq8Lh2KVGl', 'HdnLxrnGPy', 'ToString', 'wBfL2aRiUu', 'N6rLjcumjE', 'qsKLdGAYjI', 'Lu6LJM6gsD', 'B2FLZVH4Gp', 'lY5LNUdnl3', 'uhFLcVWcqJ'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, TFj1yMvJcKjcjV6whV.csHigh entropy of concatenated method names: 'p61JK4yrx4', 'JcAJr2KBh3', 'JFedvCYiQL', 'QtZd0NoPYL', 'MiKdyUXecY', 'bZWdAQTl2t', 'qSwdm40BYA', 'BZ4d1R41XJ', 'sQEdHQfXJW', 'cj7dPSkp2o'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, LGXVgugFgrrHxRD9XL.csHigh entropy of concatenated method names: 'KggZXL29iX', 'FETZjJLpWN', 'IWuZJ0WQwU', 'XkwZNlyh5e', 'xjsZcB5S1R', 'HDcJGTjVvZ', 'CvdJIOmCYu', 'XttJ3CNHIa', 'hZiJlsBBbd', 'iLYJo5MQvu'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, rp7Oudo7Ep3QqZOaYu.csHigh entropy of concatenated method names: 'wxC8PHSh1O', 'C7A8fQoAVs', 'HwF8iqGVUB', 'UAy8n1pfsy', 'tNp8UY2FLB', 'AgZ8vMjn1p', 'AmS80pcBvq', 'vXu8yPIfPa', 'vS88A8SQO6', 'HLZ8mO5Zqo'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, VPlKcbLToBHBxlelgM.csHigh entropy of concatenated method names: 'WdhjilP1px', 'd8Ujnvm8kk', 'veIjubDRcj', 'al7jRgKoxU', 'rRFjGQyf7s', 'rNKjI1VavL', 'iYMj38BDBP', 'eXPjlCYvdQ', 'yIYjoobB8r', 'ynojSfAHUx'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, wbQuSfBCsYHY5UauQk.csHigh entropy of concatenated method names: 'wnZN7PXxtA', 'oq7NCGuH7A', 'D52NOQpicC', 'NSENtPopwj', 'U2kNKRYHfn', 'bNZNaPxhDs', 'ttfNrd3LTu', 'AG0NFh4Nqk', 'twhNTYTe6g', 'LYTNEi9QCm'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, aIk48C44WUZwHG8nmpm.csHigh entropy of concatenated method names: 'ToString', 'MwNpBqREAl', 'EafpwQKn9e', 'fQwpXPICBU', 'o63p2vup5d', 'K7MpjsiuRd', 'uiZpdVn4Ii', 'iwSpJ2rM7Z', 'Y23TkleYbOPxRdNxu2x', 'cZVNyBe504U6ZZOA2I6'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, pEZU9mp6OKuJ04plKi.csHigh entropy of concatenated method names: 'c4IO5vHrU', 'qv3tnYTge', 'IgWaaPfbu', 'TFtrLSJ8G', 'GLmTt29YE', 'Vn7EquCaB', 'AgGKN5r6bdgpkq5Ti9', 'E83SxRBi5hkW1F0xlK', 'xxYWuS6qW', 'x7ApAhcOg'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, I9kZpxcJmYVHYi37Ig.csHigh entropy of concatenated method names: 'Dispose', 'SJDqoZXiYr', 'OTj6UJSuqZ', 'gqPbbBSvEY', 'qEeqS5kyGE', 'HCRqzKHSaN', 'ProcessDialogKey', 'MVh6kjim9m', 'jCX6qY0vXr', 'zri663QGJk'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, Cc8SKF4aH6lbinOxlUK.csHigh entropy of concatenated method names: 'SKpY78Glxe', 'keUYCSjeAv', 'Ck0YOMiSgY', 'V0jYtNq8bh', 'ubQYK7WA3i', 'PawYakXeGn', 'sqBYrFSk44', 'kWMYFSNTLx', 'DhOYTuSQ4n', 'jQKYErugVT'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, RDrDFL5tLvfj24Cqd1.csHigh entropy of concatenated method names: 'ToString', 'VIksgMS5jt', 'yWrsUEMKok', 'Ov4svftglf', 'V08s0CgwF4', 'tchsy2bB0b', 'rymsAVJoKf', 'zJysm2HpVZ', 'g75s1wNT7T', 'QkssHppS4g'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, pblqtHzhNUeEgJYgWp.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'DwkYD4XXoO', 'Fu5Y8xYwiv', 'b8cYsq1i7Z', 'nyjYLBZNkF', 'hPgYWyMNmp', 'vq7YY5bWus', 'k8jYpiWHcu'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, iaRI8s8T3dZ2SMq7cO.csHigh entropy of concatenated method names: 'U8HdtVmkht', 'afvdaJuQKj', 'RjcdFFULaG', 'IjMdTiABpg', 'xvod84ZF5E', 'WTUdsAbu7d', 'dJGdLW52sq', 'SSxdWaLIjV', 'g1OdYhRlPA', 'KKLdpYuXQp'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, G8JwKlSNVrZNuTXF2J.csHigh entropy of concatenated method names: 'SxhN2qPM8D', 'vVWNdO3KpB', 'tFKNZkR20Q', 'Mx1ZSsqTwf', 'puRZzIZg3P', 'u00Nk0qXDG', 'IhvNqIst7w', 'YAiN6aOBPb', 'crJNBdMQvy', 'kowNwlE3l4'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, uMdep3CHbwPS2ta1OS.csHigh entropy of concatenated method names: 'NbbDFgl8AA', 'vkvDT4Bn4p', 'LOjDVwVNPC', 'tZdDUOJxgn', 'zGAD0XQNwA', 'd5fDyonsoR', 'kSMDmcdWTD', 'rmvD1tP0jP', 'qIODPe2UBb', 'kYoDghuyr1'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, j4KJillMeRt8tqUSTa.csHigh entropy of concatenated method names: 'X0hWVhq0su', 'S25WUBPsLK', 'vLIWvPR2Y1', 'cpEW0U8AWA', 'mt7WiFblfO', 'prOWy2ojOe', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, tK2mqU4UvXC7JjjU3FG.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'e5VpiQal0U', 'Nlrpna65m6', 'Yxopufui9k', 'VsKpRr3SVm', 'l5IpGLnpbN', 'SeQpI7f3OF', 'BbOp3K2gpX'
                    Source: 0.2.2024.scr.exe.434c098.0.raw.unpack, y9xoMvV8BnB1AU7EUF.csHigh entropy of concatenated method names: 'ViaYqpkdd7', 'qCoYB1c2oY', 'L4yYwZhkKy', 'M04Y2UlZJm', 'zZcYjs5MkJ', 'krxYJ4v8yu', 'k0gYZiogD1', 'dUyW3hJCgt', 'oEVWliwwEZ', 'WAwWoqfaEE'
                    Source: C:\Users\user\Desktop\2024.scr.exeFile created: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeJump to dropped file
                    Source: C:\Users\user\Desktop\2024.scr.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Logon32Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Logon32Jump to behavior

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Hides that the sample has been downloaded from the Internet (zone.identifier)
                    Source: C:\Users\user\Desktop\2024.scr.exeFile opened: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe:Zone.Identifier read attributes | deleteJump to behavior
                    Loading BitLocker PowerShell Module
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: 2024.scr.exe PID: 1616, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Logon32.exe PID: 2800, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Logon32.exe PID: 5976, type: MEMORYSTR
                    Check if machine is in data center or colocation facility
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: 2024.scr.exe, 00000000.00000002.2151973804.000000000376C000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002EBC000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000007.00000002.2291548460.000000000408D000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.0000000003635000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000C.00000002.2370533184.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4618767842.00000000030EC000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4606513178.0000000000436000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: D20000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: 26D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: 46D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: 7A70000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: 7490000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: 8A70000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: 9A70000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: 9E00000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: AE00000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: BE00000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: D240000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: E240000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: F240000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: F950000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: 2C60000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: 2E60000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: 4E60000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 15D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 2FF0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 15D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 7BC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 8BC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 8D60000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 9D60000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: A0A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: B0A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: C1A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: D5D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: E5D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: F5D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: FC50000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 1900000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 35D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 1A70000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 2980000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 2B60000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 4B60000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 7D00000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 8D00000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 8EC0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 9EC0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: A330000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: B330000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 7D00000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 8EC0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: A330000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 1380000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 3090000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory allocated: 5090000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 599890Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 599738Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 599593Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 599359Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 599187Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 599074Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 598962Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 598856Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 598745Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 598630Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 598470Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 594163Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 594046Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 593937Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 593827Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 593718Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 593609Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599875Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599766Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599656Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599547Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599437Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599328Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599200Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599075Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 598968Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 598811Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 598682Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 598578Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594556Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594422Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594297Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594187Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594073Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 593953Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 593843Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 593734Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 600000
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599872
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599766
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599641
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599531
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599422
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599313
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599188
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599063
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 598951
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 595203
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 595094
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594984
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594875
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594766
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594656
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594547
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594437
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594328
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594218
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594109
                    Source: C:\Users\user\Desktop\2024.scr.exeWindow / User API: threadDelayed 858Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeWindow / User API: threadDelayed 468Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5985Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2585Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeWindow / User API: threadDelayed 2591Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeWindow / User API: threadDelayed 7123Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWindow / User API: threadDelayed 1211Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWindow / User API: threadDelayed 5734Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWindow / User API: threadDelayed 4052Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWindow / User API: threadDelayed 391
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWindow / User API: threadDelayed 593
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWindow / User API: threadDelayed 2461
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWindow / User API: threadDelayed 7351
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 6932Thread sleep time: -6456360425798339s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 6916Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4372Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 320Thread sleep time: -4611686018427385s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5828Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -32281802128991695s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -600000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -599890s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -599738s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -599593s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -599359s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -599187s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -599074s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -598962s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -598856s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -598745s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -598630s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -598470s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -99966s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -99859s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -99749s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -99640s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -99531s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -99422s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -99312s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -99203s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -99094s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -98984s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -98875s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -98765s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -98649s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -98413s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -98295s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -98178s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -98047s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -97937s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -97827s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -97718s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -97594s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -97469s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -97359s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -97249s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -97138s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -97031s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -96921s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -96807s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -96702s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -96593s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -96484s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -96374s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -96265s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -96149s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -96026s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -95922s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -594163s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -594046s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -593937s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -593827s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -593718s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exe TID: 4064Thread sleep time: -593609s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 4136Thread sleep time: -6456360425798339s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2732Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -34126476536362649s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -600000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -599875s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -599766s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -599656s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -599547s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -599437s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -599328s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -599200s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -599075s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -598968s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -598811s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -598682s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -598578s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -100000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -99890s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -99781s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -99672s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -99563s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -99438s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -99313s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -99197s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -99078s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -98968s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -98860s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -98735s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -98610s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -98485s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -98258s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -98010s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -97873s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -97766s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -97656s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -97547s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -97438s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -97313s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -97188s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -97063s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -96953s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -96844s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -96719s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -96610s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -96485s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -96360s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -96235s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -96110s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -594556s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -594422s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -594297s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -594187s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -594073s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -593953s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -593843s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2852Thread sleep time: -593734s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2936Thread sleep time: -2767011611056431s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 6072Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep count: 36 > 30
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -33204139332677172s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -600000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2488Thread sleep count: 2461 > 30
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -599872s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 2488Thread sleep count: 7351 > 30
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -599766s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -599641s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -599531s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -599422s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -599313s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -599188s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -599063s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -598951s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -100000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -99877s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -99752s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -99627s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -99502s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -99377s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -99252s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -99127s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -99002s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -98877s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -98752s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -98627s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -98502s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -98377s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -98252s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -98127s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -98002s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -97877s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -97752s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -97627s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -97502s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -97377s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -97252s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -97127s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -97002s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -96877s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -96752s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -96627s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -96502s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -96377s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -595203s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -595094s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -594984s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -594875s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -594766s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -594656s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -594547s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -594437s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -594328s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -594218s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe TID: 5492Thread sleep time: -594109s >= -30000s
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 599890Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 599738Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 599593Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 599359Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 599187Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 599074Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 598962Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 598856Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 598745Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 598630Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 598470Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 99966Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 99859Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 99749Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 99640Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 99531Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 99422Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 99312Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 99203Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 99094Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 98984Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 98875Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 98765Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 98649Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 98413Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 98295Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 98178Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 98047Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 97937Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 97827Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 97718Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 97594Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 97469Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 97359Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 97249Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 97138Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 97031Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 96921Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 96807Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 96702Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 96593Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 96484Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 96374Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 96265Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 96149Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 96026Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 95922Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 594163Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 594046Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 593937Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 593827Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 593718Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeThread delayed: delay time: 593609Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599875Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599766Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599656Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599547Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599437Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599328Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599200Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599075Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 598968Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 598811Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 598682Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 598578Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 99890Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 99781Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 99672Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 99563Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 99438Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 99313Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 99197Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 99078Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 98968Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 98860Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 98735Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 98610Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 98485Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 98258Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 98010Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 97873Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 97766Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 97656Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 97547Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 97438Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 97313Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 97188Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 97063Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 96953Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 96844Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 96719Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 96610Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 96485Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 96360Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 96235Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 96110Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594556Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594422Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594297Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594187Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594073Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 593953Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 593843Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 593734Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 600000
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599872
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599766
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599641
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599531
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599422
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599313
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599188
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 599063
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 598951
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 100000
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 99877
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 99752
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 99627
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 99502
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 99377
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 99252
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 99127
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 99002
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 98877
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 98752
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 98627
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 98502
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 98377
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 98252
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 98127
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 98002
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 97877
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 97752
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 97627
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 97502
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 97377
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 97252
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 97127
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 97002
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 96877
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 96752
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 96627
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 96502
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 96377
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 595203
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 595094
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594984
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594875
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594766
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594656
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594547
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594437
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594328
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594218
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeThread delayed: delay time: 594109
                    Source: Logon32.exe, 0000000D.00000002.4618767842.00000000030EC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                    Source: Logon32.exe, 0000000D.00000002.4606513178.0000000000436000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: vmware
                    Source: 2024.scr.exe, 00000000.00000002.2151973804.000000000376C000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000007.00000002.2291548460.000000000408D000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000C.00000002.2370533184.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4606513178.0000000000430000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: hgfsZrw6
                    Source: Logon32.exe, 0000000D.00000002.4606513178.0000000000436000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: VMwareVBoxESelect * from Win32_ComputerSystem
                    Source: 2024.scr.exe, 00000004.00000002.4616583342.0000000001125000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^
                    Source: Logon32.exe, 0000000D.00000002.4606513178.0000000000430000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: typ10b3Oc803a9f97cf-06b5-46de-807e-132d396f6890Nchp5wQ00oTvKR0qZab0r6L0rfhk5f0ZPM3Jr0iIjd3y805s02Jv0Nlv0DvPLtry0$$method0x6000124-1$$method0x6000096-1$$method0x6000087-1$$method0x6000109-1$$method0x6000129-1$$method0x6000149-1$$method0x600012a-1$$method0x600019b-1$$method0x600025e-1$$method0x600010f-1$$method0x600011f-1oJxXq21k2WV311LrvM871HMACSHA1VT_UI1VT_I1g3vBoHJ1VL1BtS1IEnumerable`1ICollection`1IEnumerator`1IList`1xFPPpUzb1CS$<>9__CachedAnonymousMethodDelegate1kCNIuk1CFK29C0gXl1get_Item17LhL886wco1eJeQLmAEv1$$method0x6000109-2$$method0x600025e-2$$method0x600011f-2HMACSHA512Advapi32kernel32Microsoft.Win32user32ToUInt32ReadInt32ToInt32mM52k10rLFMsCF2aMF2GlSF2VT_UI2VT_I23xmaWO2kEP2KeyValuePair`2Dictionary`2wa2jR30VH2ik2get_Item2epq20M72M6803LiwtaMzSs03y5Rs2vl613663tW5rJ31L32nM3piJ8l60glR3XU3Tuple`3u6b3wl3get_Item3U9Kp3uRyxp3XQlmz6Jr3b5dNVFLxt3adpvK17r14v0jY44ToUInt64ReadInt64ToInt64q8ypzOf74lGcE1I2rC4VT_UI4VT_I4mEpeNJ45FsK42GrIn62IML4VT_R4d3sORnCRT4tLXmRU79KU4aVzjSX4rv5UvhJZhb4Epeub4m7e42y4ZWMnb25aRO5UjT35JMnS0UJ55MD5vDXF5sCyu0kXRT5agpaY54mXd5Og5wIgARv7m5vQn5Tnv5vy5QNc05gYy06IS_TEXT_UNICODE_ASCII16IS_TEXT_UNICODE_REVERSE_ASCII16VJxwj16ToUInt16ReadInt16ToInt16R36HMACSHA256lSB86qPv7xI9B6awdbC6JENwzK611YTXjKCCX619b6arg6Mpl6Q8FkNn632RKa2LEGu6AglCs0bu6hgfsZrw6ItJ9xfsmiD7raH7rUlE9KBdK7n1PibAta8O70BR7i2l
                    Source: Logon32.exe, 00000008.00000002.4610287684.0000000001653000.00000004.00000020.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4617751174.000000000146A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess information queried: ProcessInformationJump to behavior

                    Anti Debugging

                    barindex
                    Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
                    Source: C:\Users\user\Desktop\2024.scr.exeCode function: 4_2_02CA7F20 CheckRemoteDebuggerPresent,4_2_02CA7F20
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess queried: DebugPort
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Adds a directory exclusion to Windows Defender
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\2024.scr.exe"
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\2024.scr.exe"Jump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\2024.scr.exeMemory written: C:\Users\user\Desktop\2024.scr.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeMemory written: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\2024.scr.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeProcess created: C:\Users\user\Desktop\2024.scr.exe "C:\Users\user\Desktop\2024.scr.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess created: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe "C:\Users\user\AppData\Roaming\Logon32\Logon32.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeProcess created: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe "C:\Users\user\AppData\Roaming\Logon32\Logon32.exe"
                    Source: 2024.scr.exe, 00000004.00000002.4619512401.0000000002EBC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                    Source: C:\Users\user\Desktop\2024.scr.exeQueries volume information: C:\Users\user\Desktop\2024.scr.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeQueries volume information: C:\Users\user\Desktop\2024.scr.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Users\user\AppData\Roaming\Logon32\Logon32.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\2024.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: 0.2.2024.scr.exe.376c328.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.Logon32.exe.408d238.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.2.Logon32.exe.3bf64d8.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.2.Logon32.exe.3c322f8.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.Logon32.exe.40c9058.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.2024.scr.exe.37a8148.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.Logon32.exe.40c9058.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.2024.scr.exe.37a8148.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.Logon32.exe.408d238.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.2024.scr.exe.376c328.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.2.Logon32.exe.3bf64d8.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.2.Logon32.exe.3c322f8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000008.00000002.4619569539.0000000003635000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000D.00000002.4618767842.00000000030EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.4619512401.0000000002EBC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.2291548460.000000000408D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2151973804.000000000376C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000002.2370533184.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 2024.scr.exe PID: 1616, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: 2024.scr.exe PID: 6600, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Logon32.exe PID: 2800, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Logon32.exe PID: 6840, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Logon32.exe PID: 5976, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Logon32.exe PID: 5388, type: MEMORYSTR
                    Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                    Source: C:\Users\user\Desktop\2024.scr.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Tries to harvest and steal ftp login credentials
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeFile opened: C:\FTP Navigator\Ftplist.txt
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Users\user\Desktop\2024.scr.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                    Source: C:\Users\user\Desktop\2024.scr.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\AppData\Roaming\Logon32\Logon32.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: Yara matchFile source: 0.2.2024.scr.exe.376c328.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.Logon32.exe.408d238.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.2.Logon32.exe.3bf64d8.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.2.Logon32.exe.3c322f8.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.Logon32.exe.40c9058.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.2024.scr.exe.37a8148.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.Logon32.exe.40c9058.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.2024.scr.exe.37a8148.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.Logon32.exe.408d238.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.2024.scr.exe.376c328.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.2.Logon32.exe.3bf64d8.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.2.Logon32.exe.3c322f8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000008.00000002.4619569539.0000000003635000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000D.00000002.4618767842.00000000030EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.4619512401.0000000002EBC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.2291548460.000000000408D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2151973804.000000000376C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000002.2370533184.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 2024.scr.exe PID: 1616, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: 2024.scr.exe PID: 6600, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Logon32.exe PID: 2800, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Logon32.exe PID: 6840, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Logon32.exe PID: 5976, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Logon32.exe PID: 5388, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: 0.2.2024.scr.exe.376c328.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.Logon32.exe.408d238.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.2.Logon32.exe.3bf64d8.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.2.Logon32.exe.3c322f8.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.Logon32.exe.40c9058.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.2024.scr.exe.37a8148.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.Logon32.exe.40c9058.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.2024.scr.exe.37a8148.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.Logon32.exe.408d238.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.2024.scr.exe.376c328.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.2.Logon32.exe.3bf64d8.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 12.2.Logon32.exe.3c322f8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000008.00000002.4619569539.0000000003635000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000D.00000002.4618767842.00000000030EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.4619512401.0000000002EBC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.2291548460.000000000408D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2151973804.000000000376C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000C.00000002.2370533184.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 2024.scr.exe PID: 1616, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: 2024.scr.exe PID: 6600, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Logon32.exe PID: 2800, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Logon32.exe PID: 6840, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Logon32.exe PID: 5976, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Logon32.exe PID: 5388, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts231
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		11
                    Disable or Modify Tools                    		2
                    OS Credential Dumping                    		1
                    File and Directory Discovery                    		Remote Services11
                    Archive Collected Data                    		1
                    Ingress Tool Transfer                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/Job1
                    Registry Run Keys / Startup Folder                    		112
                    Process Injection                    		1
                    Deobfuscate/Decode Files or Information                    		211
                    Input Capture                    		34
                    System Information Discovery                    		Remote Desktop Protocol2
                    Data from Local System                    		11
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                    Registry Run Keys / Startup Folder                    		3
                    Obfuscated Files or Information                    		1
                    Credentials in Registry                    		1
                    Query Registry                    		SMB/Windows Admin Shares1
                    Email Collection                    		1
                    Non-Standard Port                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
                    Software Packing                    		NTDS631
                    Security Software Discovery                    		Distributed Component Object Model211
                    Input Capture                    		2
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    Timestomp                    		LSA Secrets2
                    Process Discovery                    		SSH1
                    Clipboard Data                    		23
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    DLL Side-Loading                    		Cached Domain Credentials261
                    Virtualization/Sandbox Evasion                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    Masquerading                    		DCSync1
                    Application Window Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job261
                    Virtualization/Sandbox Evasion                    		Proc Filesystem1
                    System Network Configuration Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt112
                    Process Injection                    		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                    Hidden Files and Directories                    		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1466662 Sample: 2024.scr.exe Startdate: 03/07/2024 Architecture: WINDOWS Score: 100 43 smtp.yandex.com 2->43 45 ip-api.com 2->45 47 2 other IPs or domains 2->47 63 Found malware configuration 2->63 65 Malicious sample detected (through community Yara rule) 2->65 67 Multi AV Scanner detection for submitted file 2->67 69 11 other signatures 2->69 8 2024.scr.exe 4 2->8         started        12 Logon32.exe 3 2->12         started        14 Logon32.exe 2->14         started        signatures3 process4 file5 35 C:\Users\user\AppData\...\2024.scr.exe.log, ASCII 8->35 dropped 71 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 8->71 73 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 8->73 75 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 8->75 83 2 other signatures 8->83 16 2024.scr.exe 16 5 8->16         started        21 powershell.exe 23 8->21         started        77 Multi AV Scanner detection for dropped file 12->77 79 Machine Learning detection for dropped file 12->79 81 Injects a PE file into a foreign processes 12->81 23 Logon32.exe 14 2 12->23         started        25 Logon32.exe 14->25         started        signatures6 process7 dnsIp8 37 ip-api.com 208.95.112.1, 49716, 49723, 49731 TUT-ASUS United States 16->37 39 smtp.yandex.ru 77.88.21.158, 49718, 49725, 49732 YANDEXRU Russian Federation 16->39 41 api.ipify.org 104.26.13.205, 443, 49714, 49722 CLOUDFLARENETUS United States 16->41 31 C:\Users\user\AppData\Roaming\...\Logon32.exe, PE32 16->31 dropped 33 C:\Users\user\...\Logon32.exe:Zone.Identifier, ASCII 16->33 dropped 49 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 16->49 51 Tries to steal Mail credentials (via file / registry access) 16->51 53 Hides that the sample has been downloaded from the Internet (zone.identifier) 16->53 55 Loading BitLocker PowerShell Module 21->55 27 WmiPrvSE.exe 21->27         started        29 conhost.exe 21->29         started        57 Tries to harvest and steal ftp login credentials 25->57 59 Tries to harvest and steal browser information (history, passwords, etc) 25->59 61 Installs a global keyboard hook 25->61 file9 signatures10 process11

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    2024.scr.exe61%ReversingLabsWin32.Spyware.Negasteal
                    2024.scr.exe47%VirustotalBrowse
                    2024.scr.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Roaming\Logon32\Logon32.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Roaming\Logon32\Logon32.exe61%ReversingLabsWin32.Spyware.Negasteal
                    C:\Users\user\AppData\Roaming\Logon32\Logon32.exe47%VirustotalBrowse

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    SourceDetectionScannerLabelLink
                    smtp.yandex.ru0%VirustotalBrowse
                    api.ipify.org0%VirustotalBrowse
                    ip-api.com0%VirustotalBrowse
                    smtp.yandex.com0%VirustotalBrowse

                    URLs

                    SourceDetectionScannerLabelLink
                    https://api.ipify.org/0%URL Reputationsafe
                    https://api.ipify.org0%URL Reputationsafe
                    https://account.dyn.com/0%URL Reputationsafe
                    http://ip-api.com0%URL Reputationsafe
                    https://api.ipify.org/t0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                    https://www.chiark.greenend.org.uk/~sgtatham/putty/00%URL Reputationsafe
                    http://ip-api.com/line/?fields=hosting0%URL Reputationsafe
                    http://crl.gl0%Avira URL Cloudsafe
                    http://crl.glH0%Avira URL Cloudsafe
                    http://secure.globals0%Avira URL Cloudsafe
                    http://crl.glC0%Avira URL Cloudsafe
                    http://smtp.yandex.com0%VirustotalBrowse
                    http://crl.gl0%VirustotalBrowse
                    http://smtp.yandex.com0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    smtp.yandex.ru
                    		77.88.21.158
                    		truefalseunknown
                    api.ipify.org
                    		104.26.13.205
                    		truefalseunknown
                    ip-api.com
                    		208.95.112.1
                    		truetrueunknown
                    smtp.yandex.com
                    		unknown
                    		unknowntrueunknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://api.ipify.org/false
                    • URL Reputation: safe
                    		unknown
                    http://ip-api.com/line/?fields=hostingfalse
                    • URL Reputation: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://api.ipify.org2024.scr.exe, 00000000.00000002.2151973804.000000000376C000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4605586625.0000000000435000.00000040.00000400.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002E61000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000007.00000002.2291548460.000000000408D000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000035DC000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000C.00000002.2370533184.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4618767842.0000000003091000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://account.dyn.com/2024.scr.exe, 00000000.00000002.2151973804.000000000376C000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000007.00000002.2291548460.000000000408D000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4606483349.0000000000437000.00000040.00000400.00020000.00000000.sdmp, Logon32.exe, 0000000C.00000002.2370533184.0000000003BF6000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://crl.glLogon32.exe, 0000000D.00000002.4650633138.0000000006C05000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://crl.glHLogon32.exe, 00000008.00000002.4654364740.0000000009DFD000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://ip-api.comLogon32.exe, 00000008.00000002.4619569539.0000000003621000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://crl.glCLogon32.exe, 0000000D.00000002.4617751174.000000000146A000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://secure.globalsLogon32.exe, 00000008.00000002.4654364740.0000000009DFD000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://api.ipify.org/tLogon32.exe, 00000008.00000002.4619569539.00000000035DC000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name2024.scr.exe, 00000000.00000002.2149694869.00000000026D1000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002E61000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000007.00000002.2290264143.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000035DC000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000C.00000002.2368962846.0000000002B61000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4618767842.0000000003091000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.chiark.greenend.org.uk/~sgtatham/putty/02024.scr.exe, Logon32.exe.4.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://smtp.yandex.com2024.scr.exe, 00000004.00000002.4619512401.000000000301A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000002F70000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003210000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.00000000032B5000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.000000000335A000.00000004.00000800.00020000.00000000.sdmp, 2024.scr.exe, 00000004.00000002.4619512401.0000000003190000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000038B6000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000039B2000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.0000000003A6E000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.00000000037CA000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 00000008.00000002.4619569539.0000000003AFD000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4618767842.00000000032F3000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4618767842.000000000351E000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4618767842.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4618767842.0000000003285000.00000004.00000800.00020000.00000000.sdmp, Logon32.exe, 0000000D.00000002.4618767842.0000000003470000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    208.95.112.1
                    		ip-api.comUnited States
                    		53334TUT-ASUStrue
                    77.88.21.158
                    		smtp.yandex.ruRussian Federation
                    		13238YANDEXRUfalse
                    104.26.13.205
                    		api.ipify.orgUnited States
                    		13335CLOUDFLARENETUSfalse

                    General Information

                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1466662
                    Start date and time:2024-07-03 08:55:31 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 11m 21s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:16
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:2024.scr.exe
                    renamed because original name is a hash value
                    Original Sample Name: 02.07.2024.scr.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@13/9@3/3
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 98%
                    • Number of executed functions: 338
                    • Number of non-executed functions: 19
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Override analysis time to 240000 for current running targets taking high CPU consumption

                    Warnings

                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtCreateKey calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    02:56:25API Interceptor5221345x Sleep call for process: 2024.scr.exe modified
                    02:56:27API Interceptor15x Sleep call for process: powershell.exe modified
                    02:56:39API Interceptor8474537x Sleep call for process: Logon32.exe modified
                    08:56:30AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Logon32 C:\Users\user\AppData\Roaming\Logon32\Logon32.exe
                    08:56:38AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Logon32 C:\Users\user\AppData\Roaming\Logon32\Logon32.exe

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    208.95.112.1DHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                    • ip-api.com/line/?fields=hosting
                    Purchase Order N#U00b0 20240702.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                    • ip-api.com/line/?fields=hosting
                    AWB 3609 961.pdf.scr.exeGet hashmaliciousAgentTeslaBrowse
                    • ip-api.com/line/?fields=hosting
                    Doc_CI_PL_HBL_COO_Insu_.exeGet hashmaliciousAgentTeslaBrowse
                    • ip-api.com/line/?fields=hosting
                    roger.exeGet hashmaliciousAgentTeslaBrowse
                    • ip-api.com/line/?fields=hosting
                    okmnji.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                    • ip-api.com/line/?fields=hosting
                    AWB DHL#40882993049403.pdf.exeGet hashmaliciousAgentTeslaBrowse
                    • ip-api.com/line/?fields=hosting
                    llD1w4ROY5.exeGet hashmaliciousAgentTeslaBrowse
                    • ip-api.com/line/?fields=hosting
                    QUOTATION_JULQTRA071244#U00faPDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                    • ip-api.com/line/?fields=hosting
                    DHL AWB COMMERCAIL INVOICE AND TRACKNG DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                    • ip-api.com/line/?fields=hosting
                    77.88.21.158tWitaq427K.exeGet hashmaliciousRemcos, AgentTeslaBrowse
                      gB49zgUhr8.exeGet hashmaliciousAgentTeslaBrowse
                        RFQ Enqiury Requirement.pif.exeGet hashmaliciousAgentTeslaBrowse
                          VfeC87R1r6.exeGet hashmaliciousAgentTeslaBrowse
                            SecuriteInfo.com.Win32.PWSX-gen.21357.32352.exeGet hashmaliciousAgentTeslaBrowse
                              SIEMENS #2427021-S06564.exeGet hashmaliciousAgentTeslaBrowse
                                DHL Delivery Invoice.exeGet hashmaliciousAgentTeslaBrowse
                                  DHL Delivery Invoice AWB#7490327845.exeGet hashmaliciousAgentTeslaBrowse
                                    DHL Delivery Invoice AWB#7490327845.exeGet hashmaliciousAgentTeslaBrowse
                                      621___76063675443-June_Order_list.exeGet hashmaliciousAgentTeslaBrowse
                                        104.26.13.205242764.exeGet hashmaliciousFicker Stealer, Rusty StealerBrowse
                                        • api.ipify.org/?format=wef
                                        Ransom.exeGet hashmaliciousTargeted Ransomware, TrojanRansomBrowse
                                        • api.ipify.org/
                                        ld.exeGet hashmaliciousTargeted Ransomware, TrojanRansomBrowse
                                        • api.ipify.org/
                                        ReturnLegend.exeGet hashmaliciousStealitBrowse
                                        • api.ipify.org/?format=json
                                        SecuriteInfo.com.Trojan.DownLoaderNET.960.9931.28151.exeGet hashmaliciousPureLog Stealer, Targeted RansomwareBrowse
                                        • api.ipify.org/
                                        Sky-Beta-Setup.exeGet hashmaliciousStealitBrowse
                                        • api.ipify.org/?format=json
                                        ArenaWarSetup.exeGet hashmaliciousStealitBrowse
                                        • api.ipify.org/?format=json
                                        Sky-Beta Setup 1.0.0.exeGet hashmaliciousUnknownBrowse
                                        • api.ipify.org/?format=json
                                        E4sbo4F6Sz.exeGet hashmaliciousUnknownBrowse
                                        • api.ipify.org/
                                        E4sbo4F6Sz.exeGet hashmaliciousUnknownBrowse
                                        • api.ipify.org/

                                        Domains

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        smtp.yandex.rutWitaq427K.exeGet hashmaliciousRemcos, AgentTeslaBrowse
                                        • 77.88.21.158
                                        gB49zgUhr8.exeGet hashmaliciousAgentTeslaBrowse
                                        • 77.88.21.158
                                        RFQ Enqiury Requirement.pif.exeGet hashmaliciousAgentTeslaBrowse
                                        • 77.88.21.158
                                        VfeC87R1r6.exeGet hashmaliciousAgentTeslaBrowse
                                        • 77.88.21.158
                                        SecuriteInfo.com.Win32.PWSX-gen.21357.32352.exeGet hashmaliciousAgentTeslaBrowse
                                        • 77.88.21.158
                                        SIEMENS #2427021-S06564.exeGet hashmaliciousAgentTeslaBrowse
                                        • 77.88.21.158
                                        DHL Delivery Invoice.exeGet hashmaliciousAgentTeslaBrowse
                                        • 77.88.21.158
                                        DHL Delivery Invoice AWB#7490327845.exeGet hashmaliciousAgentTeslaBrowse
                                        • 77.88.21.158
                                        DHL Delivery Invoice AWB#7490327845.exeGet hashmaliciousAgentTeslaBrowse
                                        • 77.88.21.158
                                        621___76063675443-June_Order_list.exeGet hashmaliciousAgentTeslaBrowse
                                        • 77.88.21.158
                                        ip-api.comDHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                                        • 208.95.112.1
                                        Purchase Order N#U00b0 20240702.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                        • 208.95.112.1
                                        AWB 3609 961.pdf.scr.exeGet hashmaliciousAgentTeslaBrowse
                                        • 208.95.112.1
                                        Doc_CI_PL_HBL_COO_Insu_.exeGet hashmaliciousAgentTeslaBrowse
                                        • 208.95.112.1
                                        roger.exeGet hashmaliciousAgentTeslaBrowse
                                        • 208.95.112.1
                                        okmnji.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                        • 208.95.112.1
                                        AWB DHL#40882993049403.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                        • 208.95.112.1
                                        llD1w4ROY5.exeGet hashmaliciousAgentTeslaBrowse
                                        • 208.95.112.1
                                        QUOTATION_JULQTRA071244#U00faPDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                        • 208.95.112.1
                                        DHL AWB COMMERCAIL INVOICE AND TRACKNG DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                                        • 208.95.112.1
                                        api.ipify.orgDHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                                        • 104.26.13.205
                                        B24E33 ENQUIRY.vbeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                        • 172.67.74.152
                                        AWB 3609 961.pdf.scr.exeGet hashmaliciousAgentTeslaBrowse
                                        • 172.67.74.152
                                        MT_0615_60931PDF.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                        • 104.26.12.205
                                        Doc230906103882.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                        • 104.26.12.205
                                        Doc_CI_PL_HBL_COO_Insu_.exeGet hashmaliciousAgentTeslaBrowse
                                        • 104.26.13.205
                                        roger.exeGet hashmaliciousAgentTeslaBrowse
                                        • 172.67.74.152
                                        Remittance Advice.htmlGet hashmaliciousHTMLPhisherBrowse
                                        • 172.67.74.152
                                        Drawing specification and June PO #07329.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                        • 104.26.12.205
                                        llD1w4ROY5.exeGet hashmaliciousAgentTeslaBrowse
                                        • 104.26.12.205

                                        ASNs

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        YANDEXRUhttps://scanner.topsec.com/?d=3744&r=auto&u=https%3A%2F%2Fmaknastudio.com%2Fpkyos&t=a4fe2e96fe6815a71cc8a7f1ae1196e6fbcf1f08Get hashmaliciousHTMLPhisherBrowse
                                        • 213.180.204.90
                                        tWitaq427K.exeGet hashmaliciousRemcos, AgentTeslaBrowse
                                        • 77.88.21.158
                                        gB49zgUhr8.exeGet hashmaliciousAgentTeslaBrowse
                                        • 77.88.21.158
                                        Ref-#47882327.docxGet hashmaliciousHTMLPhisherBrowse
                                        • 77.88.21.90
                                        https://9vn.lagerpec.com/N3pd9/Get hashmaliciousHTMLPhisherBrowse
                                        • 77.88.44.55
                                        http://pelicanbcnsolutions.comGet hashmaliciousUnknownBrowse
                                        • 87.250.251.119
                                        Complete with Docusign chelsea.pdfGet hashmaliciousUnknownBrowse
                                        • 77.88.55.88
                                        https://clck.ru/3Aju2TGet hashmaliciousUnknownBrowse
                                        • 213.180.204.232
                                        http://sahelpvr.com/95ffd86438b05Get hashmaliciousHTMLPhisherBrowse
                                        • 87.250.251.119
                                        http://marketplace-item-details-6472534712.zya.me/Get hashmaliciousHTMLPhisherBrowse
                                        • 5.255.255.77
                                        CLOUDFLARENETUSFiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeGet hashmaliciousFormBookBrowse
                                        • 66.235.200.146
                                        SHUYOU #U65b0#U6307#U4ee4 PO-2301010 03-07-2024.pdf.exeGet hashmaliciousFormBookBrowse
                                        • 104.21.34.95
                                        DHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                                        • 104.26.13.205
                                        https://doc-online.totalenergies.com/web/totalenergies-marketing-franceGet hashmaliciousUnknownBrowse
                                        • 162.247.243.29
                                        Payment_Advice.xlsGet hashmaliciousUnknownBrowse
                                        • 172.67.180.182
                                        B24E33 ENQUIRY.vbeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                        • 172.67.74.152
                                        DHL_AWB 98776013276.xlsGet hashmaliciousFormBookBrowse
                                        • 188.114.96.3
                                        https://www.getaround.co.il/wp-logs/?r=mag372@norauto.esGet hashmaliciousHTMLPhisherBrowse
                                        • 104.17.2.184
                                        Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exeGet hashmaliciousFormBookBrowse
                                        • 66.235.200.146
                                        AWB 3609 961.pdf.scr.exeGet hashmaliciousAgentTeslaBrowse
                                        • 172.67.74.152
                                        TUT-ASUSDHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                                        • 208.95.112.1
                                        Purchase Order N#U00b0 20240702.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                        • 208.95.112.1
                                        AWB 3609 961.pdf.scr.exeGet hashmaliciousAgentTeslaBrowse
                                        • 208.95.112.1
                                        Doc_CI_PL_HBL_COO_Insu_.exeGet hashmaliciousAgentTeslaBrowse
                                        • 208.95.112.1
                                        roger.exeGet hashmaliciousAgentTeslaBrowse
                                        • 208.95.112.1
                                        okmnji.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                        • 208.95.112.1
                                        AWB DHL#40882993049403.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                        • 208.95.112.1
                                        llD1w4ROY5.exeGet hashmaliciousAgentTeslaBrowse
                                        • 208.95.112.1
                                        QUOTATION_JULQTRA071244#U00faPDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                        • 208.95.112.1
                                        DHL AWB COMMERCAIL INVOICE AND TRACKNG DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                                        • 208.95.112.1

                                        JA3 Fingerprints

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        3b5074b1b5d032e5620f69f9f700ff0eEnquiry Quote - 24071834-01.vbsGet hashmaliciousGuLoaderBrowse
                                        • 104.26.13.205
                                        DHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                                        • 104.26.13.205
                                        2669976595_366408723_KHI_SOF_240702_0957_P.vbsGet hashmaliciousGuLoaderBrowse
                                        • 104.26.13.205
                                        DHL Polska_Powiadomienie oprzesy#U0142ce 28036893335.vbsGet hashmaliciousGuLoaderBrowse
                                        • 104.26.13.205
                                        AF85714759_htm#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                        • 104.26.13.205
                                        Zapytanie ofertowe (GASTRON 07022024).vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                        • 104.26.13.205
                                        B24E33 ENQUIRY.vbeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                        • 104.26.13.205
                                        Purchase Order N#U00b0 20240702.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                        • 104.26.13.205
                                        AWB 3609 961.pdf.scr.exeGet hashmaliciousAgentTeslaBrowse
                                        • 104.26.13.205
                                        MT_0615_60931PDF.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                        • 104.26.13.205

                                        Dropped Files

                                        No context

                                        Created / dropped Files

                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\2024.scr.exe.log

                                        Download File
                                        Process:C:\Users\user\Desktop\2024.scr.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):1301
                                        Entropy (8bit):5.334025345208678
                                        Encrypted:false
                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4VE4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HT
                                        MD5:C8D49A85A61847AAE0536AE8856F6DEC
                                        SHA1:D4121C87789F6AE40FCB9B4F896BC2A0C79182AD
                                        SHA-256:3F7809C712D948FF3404AE242044B5463E60BCDCE93121886F8CB36799D4E3CE
                                        SHA-512:FFD3460D5B6F00C49D7A91B299765BB7620B440718DACA711566C41A0C153F51E936EE479F4B9E002794EF2E0EBFFCED32ACE15CF9C7A892248EFA6A42468D51
                                        Malicious:true
                                        Reputation:moderate, very likely benign file
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Logon32.exe.log

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Logon32\Logon32.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):1301
                                        Entropy (8bit):5.334025345208678
                                        Encrypted:false
                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4VE4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HT
                                        MD5:C8D49A85A61847AAE0536AE8856F6DEC
                                        SHA1:D4121C87789F6AE40FCB9B4F896BC2A0C79182AD
                                        SHA-256:3F7809C712D948FF3404AE242044B5463E60BCDCE93121886F8CB36799D4E3CE
                                        SHA-512:FFD3460D5B6F00C49D7A91B299765BB7620B440718DACA711566C41A0C153F51E936EE479F4B9E002794EF2E0EBFFCED32ACE15CF9C7A892248EFA6A42468D51
                                        Malicious:false
                                        Reputation:moderate, very likely benign file
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                        C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                        Download File
                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2232
                                        Entropy (8bit):5.3810236212315665
                                        Encrypted:false
                                        SSDEEP:48:lylWSU4xympgv4RIoUP7gZ9tK8NPZHUx7u1iMuge//YPUyus:lGLHxv2IfLZ2KRH6OugQs
                                        MD5:C0A9887F81F5AE09A275FB503301BA80
                                        SHA1:5DAEF88A04909D6336AE2A67886B98754E768E69
                                        SHA-256:A7B91C89D5DE137454E348D7E75229408C35780F1A771E0B93CFA37EEBFCD3C1
                                        SHA-512:34AAD549B32DA2B9E93CFF7A6B6B43AA8D708C4ADA8033FDF197752B6F5151E9A1AFD43A7172A82AD264C1EF6402C0C50FEE2CAD60270E73D15C681D004865DF
                                        Malicious:false
                                        Reputation:low
                                        Preview:@...e.................................^..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0cz4b0yq.5fs.psm1

                                        Download File
                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):60
                                        Entropy (8bit):4.038920595031593
                                        Encrypted:false
                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                        Malicious:false
                                        Reputation:high, very likely benign file
                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_agzxosrv.ieo.ps1

                                        Download File
                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):60
                                        Entropy (8bit):4.038920595031593
                                        Encrypted:false
                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                        Malicious:false
                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mkvdc3mz.avm.psm1

                                        Download File
                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):60
                                        Entropy (8bit):4.038920595031593
                                        Encrypted:false
                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                        Malicious:false
                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nihp0rjw.rop.ps1

                                        Download File
                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):60
                                        Entropy (8bit):4.038920595031593
                                        Encrypted:false
                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                        Malicious:false
                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                        C:\Users\user\AppData\Roaming\Logon32\Logon32.exe

                                        Download File
                                        Process:C:\Users\user\Desktop\2024.scr.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):1050120
                                        Entropy (8bit):7.0744695842014185
                                        Encrypted:false
                                        SSDEEP:12288:VBmYbtCIcFevvXu7HKlHEHoaSzrymfQZ8FrR98HU4sz+XORROQoFjp7jUFkvkR:XQ83lDHpQ+39yU4s6qOQoxpikq
                                        MD5:225EAFFF6079CB1E726BC1FF4255225C
                                        SHA1:8C49F04CB44E11D6D121A10AA2D943F4FDBFD9B6
                                        SHA-256:123A6E0FFBF48E1136E15E255E9EED03E7524B1999F4AFB480EA59BA9DDF225D
                                        SHA-512:BE0416F9DC34A753502076D18F22D07F40DF844EF6B6ECA392364724FC15BCC4FD8A03FD1C26D1C334D997229289F018EECBAD94699978E4957D8497649A60F1
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 61%
                                        • Antivirus: Virustotal, Detection: 47%, Browse
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0..............M... ...`....@.. ....................... ............@..................................M..O....`..................6...........#..p............................................ ............... ..H............text....-... ...................... ..`.rsrc.......`.......0..............@..@.reloc..............................@..B.................M......H............^......b...L....'..........................................&.(......*^.(........}......}....*z.(........}......}......}....*....0..[..........~....s........s......o....o......o.....o.......o........&.....o.........,..o........+..*.......0..;..........<J.......0..l........s.....~....s........s.............,...o....o......o.....o......s ......o!......o"...&....,..o.........+...*........GY.......0..g..........~....s........s......o....o......o.....o.......o........&

                                        C:\Users\user\AppData\Roaming\Logon32\Logon32.exe:Zone.Identifier

                                        Download File
                                        Process:C:\Users\user\Desktop\2024.scr.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:modified
                                        Size (bytes):26
                                        Entropy (8bit):3.95006375643621
                                        Encrypted:false
                                        SSDEEP:3:ggPYV:rPYV
                                        MD5:187F488E27DB4AF347237FE461A079AD
                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                        Malicious:true
                                        Preview:[ZoneTransfer]....ZoneId=0

                                        Static File Info

                                        General

                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):7.0744695842014185
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                        • Win32 Executable (generic) a (10002005/4) 49.97%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        • DOS Executable Generic (2002/1) 0.01%
                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                        File name:2024.scr.exe
                                        File size:1'050'120 bytes
                                        MD5:225eafff6079cb1e726bc1ff4255225c
                                        SHA1:8c49f04cb44e11d6d121a10aa2d943f4fdbfd9b6
                                        SHA256:123a6e0ffbf48e1136e15e255e9eed03e7524b1999f4afb480ea59ba9ddf225d
                                        SHA512:be0416f9dc34a753502076d18f22d07f40df844ef6b6eca392364724fc15bcc4fd8a03fd1c26d1c334d997229289f018eecbad94699978e4957d8497649a60f1
                                        SSDEEP:12288:VBmYbtCIcFevvXu7HKlHEHoaSzrymfQZ8FrR98HU4sz+XORROQoFjp7jUFkvkR:XQ83lDHpQ+39yU4s6qOQoxpikq
                                        TLSH:FB25F7F4FEE25B3AF1E1AEB23784E5DE512EE9B205165A75AB0077052230D504CB7B23
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0..............M... ...`....@.. ....................... ............@................................

                                        File Icon

                                        Icon Hash:084c9212f3c82c53

                                        Static PE Info

                                        General

                                        Entrypoint:0x4f4dd2
                                        Entrypoint Section:.text
                                        Digitally signed:true
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0xCB13C7CD [Sat Dec 18 16:39:41 2077 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                        Authenticode Signature

                                        Signature Valid:false
                                        Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                        Signature Validation Error:The digital signature of the object did not verify
                                        Error Number:-2146869232
                                        Not Before, Not After
                                        • 13/11/2018 01:00:00 09/11/2021 00:59:59
                                        Subject Chain
                                        • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                        Version:3
                                        Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                                        Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                        Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                        Serial:7C1118CBBADC95DA3752C46E47A27438

                                        Entrypoint Preview

                                        Instruction
                                        jmp dword ptr [00402000h]
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al

                                        Data Directories

                                        NameVirtual AddressVirtual Size Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IMPORT0xf4d7f0x4f.text
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xf60000x9df0.rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                        IMAGE_DIRECTORY_ENTRY_SECURITY0xfd0000x3608
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x1000000xc.reloc
                                        IMAGE_DIRECTORY_ENTRY_DEBUG0xf23f40x70.text
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                        Sections

                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                        .text0x20000xf2dd80xf2e00ce9a6953ec6f027599f0fb8600ff7fb8False0.6784199289114771data7.15649036202405IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                        .rsrc0xf60000x9df00x9e00632a59a2571ec2624b8439d8937998fdFalse0.05310522151898734data2.345332126534843IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .reloc0x1000000xc0x2008465b28e917c146bfc4658333449ae34False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                        Resources

                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                        RT_ICON0xf61300x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 36864, resolution 2835 x 2835 px/m0.033214210636956065
                                        RT_GROUP_ICON0xff5d80x14data1.1
                                        RT_VERSION0xff5ec0x618data0.29743589743589743
                                        RT_MANIFEST0xffc040x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                        Imports

                                        DLLImport
                                        mscoree.dll_CorExeMain

                                        Network Behavior

                                        Network Port Distribution

                                        TCP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Jul 3, 2024 08:56:27.768686056 CEST49714443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:27.768723965 CEST44349714104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:27.768862963 CEST49714443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:27.783065081 CEST49714443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:27.783087015 CEST44349714104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:28.258234024 CEST44349714104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:28.258307934 CEST49714443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:28.269227982 CEST49714443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:28.269246101 CEST44349714104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:28.269579887 CEST44349714104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:28.316916943 CEST49714443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:28.326076984 CEST49714443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:28.368505955 CEST44349714104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:28.435307026 CEST44349714104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:28.435376883 CEST44349714104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:28.435487986 CEST49714443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:28.441406965 CEST49714443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:28.457197905 CEST4971680192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:28.462115049 CEST8049716208.95.112.1192.168.2.6
                                        Jul 3, 2024 08:56:28.462191105 CEST4971680192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:28.462349892 CEST4971680192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:28.467684984 CEST8049716208.95.112.1192.168.2.6
                                        Jul 3, 2024 08:56:28.938529968 CEST8049716208.95.112.1192.168.2.6
                                        Jul 3, 2024 08:56:28.988792896 CEST4971680192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:30.114506006 CEST4971680192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:30.121592999 CEST8049716208.95.112.1192.168.2.6
                                        Jul 3, 2024 08:56:30.121649981 CEST4971680192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:30.126588106 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:30.135631084 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:30.135716915 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:30.973474979 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:30.973750114 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:30.978578091 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:31.192982912 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:31.193267107 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:31.199955940 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:31.417881966 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:31.421755075 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:31.427999973 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:31.642997980 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:31.643029928 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:31.643042088 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:31.643136978 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:31.643146992 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:31.643172979 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:31.645761967 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:31.667723894 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:31.674031019 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:31.889492035 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:31.893642902 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:31.899827003 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:32.114906073 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:32.116156101 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:32.122673035 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:32.347174883 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:32.347544909 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:32.355962038 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:32.593767881 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:32.594103098 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:32.599826097 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:32.821997881 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:32.822282076 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:32.827307940 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:33.055767059 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:33.056066036 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:33.065104961 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:33.457856894 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:33.459570885 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:33.459625006 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:33.459646940 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:33.459690094 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:33.467231989 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:33.467391968 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:33.467401028 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:33.467410088 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:34.201185942 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:34.254409075 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:34.260900021 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:34.261792898 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:41.402601004 CEST49722443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:41.402657986 CEST44349722104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:41.403871059 CEST49722443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:41.406349897 CEST49722443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:41.406359911 CEST44349722104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:41.871557951 CEST44349722104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:41.871630907 CEST49722443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:41.873749971 CEST49722443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:41.873756886 CEST44349722104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:41.874006033 CEST44349722104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:41.926230907 CEST49722443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:41.935094118 CEST49722443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:41.980492115 CEST44349722104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:42.039978981 CEST44349722104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:42.040038109 CEST44349722104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:42.040185928 CEST49722443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:42.043374062 CEST49722443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:42.047270060 CEST4972380192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:42.052161932 CEST8049723208.95.112.1192.168.2.6
                                        Jul 3, 2024 08:56:42.052326918 CEST4972380192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:42.052326918 CEST4972380192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:42.057169914 CEST8049723208.95.112.1192.168.2.6
                                        Jul 3, 2024 08:56:42.762269974 CEST8049723208.95.112.1192.168.2.6
                                        Jul 3, 2024 08:56:42.762798071 CEST8049723208.95.112.1192.168.2.6
                                        Jul 3, 2024 08:56:42.763150930 CEST4972380192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:43.462762117 CEST4972380192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:43.463856936 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:43.467931032 CEST8049723208.95.112.1192.168.2.6
                                        Jul 3, 2024 08:56:43.468696117 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:43.468767881 CEST4972380192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:43.469065905 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:44.346386909 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:44.349710941 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:44.354597092 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:44.736877918 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:44.737101078 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:44.742002964 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:44.972678900 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:44.973423958 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:44.980176926 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:45.214446068 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:45.214505911 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:45.214523077 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:45.214539051 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:45.214591980 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:45.214591980 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:45.242580891 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:45.247581959 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:45.478545904 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:45.486965895 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:45.491894960 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:45.722759008 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:45.723258018 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:45.728415966 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:45.959177017 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:45.959736109 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:45.968652010 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:46.208838940 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:46.209183931 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:46.214276075 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:46.451675892 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:46.452183008 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:46.457842112 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:46.694423914 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:46.694822073 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:46.699759960 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:46.930541992 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:46.931332111 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:46.931369066 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:46.931415081 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:46.931415081 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:46.937536955 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:46.937570095 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:46.937597990 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:46.938129902 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:47.446681023 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:47.488723993 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:49.177553892 CEST49730443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:49.177603006 CEST44349730104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:49.177680016 CEST49730443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:49.181193113 CEST49730443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:49.181205988 CEST44349730104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:49.824109077 CEST44349730104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:49.824193001 CEST49730443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:49.828737020 CEST49730443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:49.828767061 CEST44349730104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:49.829060078 CEST44349730104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:49.879357100 CEST49730443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:50.004991055 CEST49730443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:50.048501015 CEST44349730104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:50.109875917 CEST44349730104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:50.109951019 CEST44349730104.26.13.205192.168.2.6
                                        Jul 3, 2024 08:56:50.110029936 CEST49730443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:50.137862921 CEST49730443192.168.2.6104.26.13.205
                                        Jul 3, 2024 08:56:50.142128944 CEST4973180192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:50.147013903 CEST8049731208.95.112.1192.168.2.6
                                        Jul 3, 2024 08:56:50.147113085 CEST4973180192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:50.147304058 CEST4973180192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:50.152160883 CEST8049731208.95.112.1192.168.2.6
                                        Jul 3, 2024 08:56:50.631933928 CEST8049731208.95.112.1192.168.2.6
                                        Jul 3, 2024 08:56:50.676204920 CEST4973180192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:51.191700935 CEST4973180192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:51.192862034 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:51.197323084 CEST8049731208.95.112.1192.168.2.6
                                        Jul 3, 2024 08:56:51.197415113 CEST4973180192.168.2.6208.95.112.1
                                        Jul 3, 2024 08:56:51.197726965 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:51.197797060 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:51.833400965 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:51.833730936 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:51.838974953 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:52.056874037 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:52.057053089 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:52.061940908 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:52.280127048 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:52.280754089 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:52.285547972 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:52.506437063 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:52.506473064 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:52.506489992 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:52.506541967 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:52.506603003 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:52.506675959 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:52.510158062 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:52.515866995 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:52.734344006 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:52.739553928 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:52.744455099 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:52.962658882 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:52.963273048 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:52.970711946 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:53.187638998 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:53.188865900 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:53.193692923 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:53.437433004 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:53.437730074 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:53.442786932 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:53.671138048 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:53.671467066 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:53.676973104 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:53.906573057 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:53.906824112 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:53.911824942 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:54.130527973 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:54.131292105 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:54.131361008 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:54.131385088 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:54.131409883 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:56:54.136132956 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:54.136171103 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:54.136415958 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:54.136425972 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:54.815815926 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:56:54.863806963 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:49.027609110 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:49.027745962 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:55.435096979 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:55.435535908 CEST49718587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:55.436861038 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:55.442981005 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:55.443445921 CEST5874971877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:55.443850994 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:55.452783108 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:55.523016930 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:55.527920961 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:55.529931068 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:56.345632076 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:56.345782995 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:56.350656033 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:56.565087080 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:56.565227985 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:56.568001032 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:56.568120956 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:56.570058107 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:56.572973013 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:56.790924072 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:56.790950060 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:56.791078091 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:56.791337967 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:56.795933008 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:56.796139002 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.014892101 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.015029907 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.015041113 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.015499115 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.015511036 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.016742945 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.016779900 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:57.021826982 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:57.021830082 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:57.026693106 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.026715040 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.243877888 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.249819040 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:57.250329018 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.250571966 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.250582933 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.250726938 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:57.251091003 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.251101971 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.251204967 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:57.253833055 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:57.254607916 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.258610964 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.473195076 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.474064112 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:57.478995085 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.479445934 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.481825113 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:57.486605883 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.700052023 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.705830097 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:57.709027052 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.710798025 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.710855007 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:57.715784073 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.936525106 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.936857939 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:57.941713095 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.950752020 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:57.950911045 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:57.955744982 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.178050995 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.178319931 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.183235884 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.183248043 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.183443069 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.188333988 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.415343046 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.415591002 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.420521021 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.421541929 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.421686888 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.426609993 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.643806934 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.644094944 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.644150019 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.644150019 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.644206047 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.645168066 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.645278931 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.648968935 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.648981094 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.649096966 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.649106979 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.650158882 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.871562958 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.875144005 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.875224113 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.875225067 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.875802994 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.877857924 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.880043983 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.880055904 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.880064011 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.880279064 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.880733013 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.882143974 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.882726908 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.882736921 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.882771969 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.882781982 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.882816076 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.882826090 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.882853031 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.882853031 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.883002996 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.884869099 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.884879112 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.884888887 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.884973049 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.884973049 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.885924101 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.887950897 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.888001919 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.888039112 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.888084888 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.888195038 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.888205051 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.888225079 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.888259888 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.888318062 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.888504982 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.890424013 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.890788078 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.890858889 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.890901089 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.892936945 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.893122911 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.893171072 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.893203020 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.893245935 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.893261909 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.893326998 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.893326998 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:58.893346071 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.893399954 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.893419027 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.893452883 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.895356894 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.895366907 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.895742893 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.897701025 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.897769928 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.897779942 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.897819042 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.897845984 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.897907019 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.897917032 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898062944 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898072004 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898081064 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898150921 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898171902 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898284912 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898294926 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898304939 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898327112 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898405075 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898415089 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898436069 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898446083 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898454905 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898464918 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898473024 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898489952 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898507118 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898514986 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898569107 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898582935 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:58.898592949 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:59.336741924 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:59.379389048 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:57:59.863476992 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:57:59.910655975 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:02.402877092 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:02.402939081 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:05.607975960 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:05.903283119 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:05.967508078 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:05.967525959 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:06.188129902 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:06.188260078 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:06.188321114 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:06.188699007 CEST49739587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:06.188822031 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:06.193536043 CEST5874973977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:06.193677902 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:06.411055088 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:06.411081076 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:06.411125898 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:06.412436962 CEST49738587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:06.414391041 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:06.417345047 CEST5874973877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:06.419356108 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:06.419420004 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:07.534634113 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:07.541846991 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:07.546909094 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:07.774717093 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:07.781836033 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:07.786874056 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:08.014487028 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:08.014931917 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:08.020083904 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:08.248909950 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:08.248951912 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:08.248961926 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:08.249012947 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:08.249161005 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:08.249172926 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:08.249206066 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:08.251144886 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:08.256022930 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:08.483997107 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:08.485121012 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:08.490082026 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:08.717758894 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:08.718018055 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:08.722943068 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:08.951284885 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:08.951548100 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:08.957163095 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.203814030 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.206016064 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.211108923 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.449836969 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.452198982 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.457281113 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.689043045 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.689682007 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.694565058 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.816143990 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.817943096 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.925623894 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.926013947 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.926080942 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.926117897 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.926187038 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.928112030 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.931062937 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.931077003 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.931085110 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.931107998 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.933029890 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.933075905 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.933219910 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.933228970 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.933255911 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.933257103 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.933265924 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.933279037 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.933305979 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.933327913 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.933337927 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.933351040 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.933363914 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.933401108 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.936579943 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.936621904 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.936741114 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.936750889 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.936784983 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.938503981 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.938541889 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.938604116 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.938613892 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.938622952 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.938638926 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.938640118 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.938648939 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.938667059 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.938672066 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.938704014 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.938747883 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.939022064 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.941514015 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.941656113 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.941745043 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.943372011 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.943433046 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.943444967 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.943487883 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.943525076 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.943573952 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.943603039 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.943660975 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.943670034 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.943680048 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.943711996 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.943717957 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:09.943744898 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.943775892 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.943784952 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.946800947 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.946811914 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.946820974 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.946829081 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.946837902 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.946846008 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.946856022 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.948446989 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.948478937 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.948512077 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.948530912 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.948565006 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.948589087 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.948662043 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.948671103 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.948755026 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.948785067 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.948792934 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.948827028 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.948864937 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.948873997 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.948900938 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.948929071 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.948995113 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.949002981 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.949065924 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.949074984 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.949114084 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.949126005 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.949148893 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:09.949207067 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:10.834615946 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:10.882118940 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:14.314853907 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:14.319818974 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:14.547235012 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:14.547482967 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:14.547532082 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:14.547645092 CEST49741587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:14.548875093 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:14.552447081 CEST5874974177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:14.554215908 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:14.554285049 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:15.491292000 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:15.491478920 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:15.496766090 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:15.710964918 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:15.711803913 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:15.717801094 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:15.930042982 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:15.930389881 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:15.936554909 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:16.151516914 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:16.151534081 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:16.151546001 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:16.151556015 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:16.151566982 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:16.151609898 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:16.154113054 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:16.163566113 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:16.376851082 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:16.378293037 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:16.383397102 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:16.597862959 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:16.598195076 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:16.603957891 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:16.816313028 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:16.816658974 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:16.825048923 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.065045118 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.065299034 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:17.070317030 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.292295933 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.294104099 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:17.298957109 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.526822090 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.530113935 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:17.534981966 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.748150110 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.750159979 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:17.750159979 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:17.750308990 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:17.750308990 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:17.753870010 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:17.755040884 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.755117893 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.755129099 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.755254030 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.755281925 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:17.759347916 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.759360075 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.759368896 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.759372950 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.759382010 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.759382963 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:17.759392023 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.759430885 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:17.759434938 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.759473085 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:17.760184050 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.760195017 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.760204077 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.761856079 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:17.767957926 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.768141985 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.768320084 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.768690109 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.769911051 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:17.775398970 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.775482893 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.775585890 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.775594950 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.775770903 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:17.775815964 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:17.775815964 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:17.775974989 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.775985003 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.775994062 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.776001930 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.776010990 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.776019096 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.776026964 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.776036024 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.776043892 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.776051998 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.776060104 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.780999899 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781014919 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781843901 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781852961 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781861067 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781869888 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781877995 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781886101 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781893969 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781903028 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781910896 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781919956 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781928062 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781935930 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781944036 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781951904 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781960011 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781968117 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781976938 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781985044 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.781992912 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:17.782001019 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:18.696589947 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:18.826483011 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:21.991350889 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:21.991620064 CEST49725587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:21.993273973 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:21.997622967 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:21.997644901 CEST5874972577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:21.998322010 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:21.998409033 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:22.742201090 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:22.742355108 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:22.748317003 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:22.974255085 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:22.974423885 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:22.981646061 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:23.209619045 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:23.213918924 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:23.219027042 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:23.446470976 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:23.446526051 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:23.446563005 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:23.446616888 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:23.446753979 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:23.446784973 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:23.446849108 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:23.448293924 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:23.453129053 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:23.679327965 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:23.685849905 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:23.693322897 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:23.917021036 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:23.917303085 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:23.922223091 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:24.168179035 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:24.168473005 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:24.177202940 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:24.417977095 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:24.418219090 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:24.423124075 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:24.661262989 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:24.661437035 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:24.666331053 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:24.896450996 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:24.903847933 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:24.908719063 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.134768963 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.136507034 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.136560917 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.136560917 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.136698961 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.139915943 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.142452955 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.142467976 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.142482042 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.142764091 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.142803907 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.144054890 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.144853115 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.144865990 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.144876957 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.144913912 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.144926071 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.144937038 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.144944906 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.144944906 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.144987106 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.145010948 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.145049095 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.147595882 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.147608995 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.147727966 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.147893906 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.148109913 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.149684906 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.149782896 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.149972916 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.150120020 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.151247025 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.152204037 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.153651953 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.153732061 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.154779911 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.154922009 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.155282021 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.155965090 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.157202959 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.157296896 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.157352924 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.157396078 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.157417059 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.157430887 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.157481909 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.157525063 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:25.157572985 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.157584906 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.158442020 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.158453941 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.158503056 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.158514977 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.159941912 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.160022020 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.160057068 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.160069942 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.160149097 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.160222054 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.160269976 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.160281897 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.160315037 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.160381079 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.160393953 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.160471916 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.160491943 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.160526037 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.161410093 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.162067890 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.162106991 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.162131071 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.162190914 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.162203074 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.162441969 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.162453890 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.162544012 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.162554979 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.162586927 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.162599087 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.162672043 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.162683964 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.162743092 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:25.162803888 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:26.086220026 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:26.160667896 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:29.733887911 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:29.740164042 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:29.966113091 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:29.966281891 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:29.966368914 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:29.966604948 CEST49743587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:29.968199968 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:29.971499920 CEST5874974377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:29.973140955 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:29.973218918 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:30.595355988 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:30.595520020 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:30.600413084 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:30.813178062 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:30.813335896 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:30.818161964 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:31.031236887 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:31.031896114 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:31.036838055 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:31.207823038 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:31.209853888 CEST49732587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:31.212723017 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:31.214736938 CEST5874973277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:31.251234055 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:31.251305103 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:31.251319885 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:31.251400948 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:31.251501083 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:31.251516104 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:31.251637936 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:31.253859997 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:31.258707047 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:31.471925974 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:31.477868080 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:31.482861996 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:31.695535898 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:31.701853991 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:31.706902027 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:31.919549942 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:31.919892073 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:31.924823999 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.159900904 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.160164118 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.165039062 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.391701937 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.391957998 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.396929026 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.621392965 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.621609926 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.626853943 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.723720074 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.728692055 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.728765965 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.839664936 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.840060949 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.840178967 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.840246916 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.840297937 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.841864109 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.844919920 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.844995022 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.845043898 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.845088005 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.845166922 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.845215082 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.846820116 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.846859932 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.846868038 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.846872091 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.846885920 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.846904993 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.846916914 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.846916914 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.846929073 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.846940041 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.846961975 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.846971989 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.849675894 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.849716902 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.849756956 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.849785089 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.849908113 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.849920988 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.849952936 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.849965096 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.849991083 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.850032091 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.851727009 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.851773977 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.851785898 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.851836920 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.851958036 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.852022886 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.852041960 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.852091074 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.852190018 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.852231979 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.854685068 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.854743004 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.854808092 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.854865074 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.854877949 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.854924917 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.854967117 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.855016947 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.856621981 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.856672049 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.856750011 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.856798887 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.856803894 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.856842041 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.856857061 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:32.856890917 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.856940031 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.857064962 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.857081890 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.857098103 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.857218981 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.857254982 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.857407093 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.857419968 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.859683990 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.859735012 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.859746933 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.859760046 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.859829903 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.859842062 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.859863043 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.859918118 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.859930038 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861469030 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861481905 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861550093 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861562967 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861583948 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861596107 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861686945 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861701012 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861711979 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861733913 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861746073 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861757040 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861785889 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861798048 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861809969 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861821890 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861836910 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861848116 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:32.861886978 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:33.340214968 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:33.341950893 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:33.346846104 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:33.559601068 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:33.561990976 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:33.566885948 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:33.663625956 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:33.773864985 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:33.779735088 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:33.782263994 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:33.787259102 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:34.002192974 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:34.002226114 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:34.002243042 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:34.002286911 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:34.002299070 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:34.002340078 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:34.004295111 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:34.009119987 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:34.222304106 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:34.227019072 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:34.231909990 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:34.444678068 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:34.444962025 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:34.449959993 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:34.662897110 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:34.663269043 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:34.669337034 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:34.902224064 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:34.902462006 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:34.907429934 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.129482985 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.129790068 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.134821892 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.360467911 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.360769987 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.365957975 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.581448078 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.581929922 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.582017899 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.582017899 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.582120895 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.584009886 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.587069988 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.587085009 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.587094069 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.587105989 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.587168932 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.589152098 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.589310884 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.589322090 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.589349031 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.589358091 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.589396954 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.589421034 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.589430094 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.589432001 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.589443922 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.589497089 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.591706991 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.591846943 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.591856956 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.591976881 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.592000008 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.592036963 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.592036963 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.592183113 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.594257116 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.594353914 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.594413996 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.594436884 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.594517946 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.594548941 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.594605923 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.594633102 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.594640970 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.594679117 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.594708920 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.596858978 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.596959114 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.596997976 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.597048998 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.597163916 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.599323034 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.599364996 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.599492073 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.599555969 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.599668026 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.599699974 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.599723101 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.599771976 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:35.599787951 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.601821899 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.601932049 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.601942062 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.602024078 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.602032900 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.602042913 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.602054119 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.602089882 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.602098942 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.602116108 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.602124929 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.602169991 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.602179050 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604115009 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604125023 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604175091 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604188919 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604207993 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604219913 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604242086 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604259014 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604289055 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604298115 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604346991 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604707003 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604721069 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604778051 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604789019 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604801893 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604860067 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604868889 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604877949 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604927063 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604935884 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:35.604945898 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:36.476331949 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:36.550827980 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:39.549801111 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:39.554845095 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:39.767524004 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:39.767713070 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:39.767806053 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:39.768173933 CEST49745587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:39.769608974 CEST49747587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:39.773013115 CEST5874974577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:39.774463892 CEST5874974777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:39.774615049 CEST49747587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:40.401215076 CEST5874974777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:40.401485920 CEST49747587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:40.406317949 CEST5874974777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:40.629669905 CEST5874974777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:40.629726887 CEST49747587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:40.634917974 CEST5874974777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:40.635061026 CEST49747587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:40.710897923 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:40.715902090 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:40.715975046 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:41.345575094 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:41.345837116 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:41.350883961 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:41.569678068 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:41.570063114 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:41.575009108 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:41.793855906 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:41.794372082 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:41.799297094 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:42.019731998 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:42.019753933 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:42.019762993 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:42.019814014 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:42.019895077 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:42.019906998 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:42.019953012 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:42.022182941 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:42.027976036 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:42.247026920 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:42.247920036 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:42.252789974 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:42.471600056 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:42.471853018 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:42.476747990 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:42.695883989 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:42.696234941 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:42.701045990 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:42.945931911 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:42.946290016 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:42.951102972 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.178519964 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.178751945 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.183583021 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.417248964 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.417603970 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.423510075 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.641850948 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.642457008 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.642519951 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.642519951 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.642616034 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.644150019 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.648224115 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.648241043 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.648250103 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.648260117 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.648319960 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.649656057 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.649666071 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.649677038 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.649748087 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.649790049 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.649800062 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.649808884 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.649818897 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.649833918 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.649852991 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.649863958 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.653506994 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.653517008 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.653611898 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.653650999 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.653753996 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.653821945 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.653891087 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.655215979 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.655225992 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.655344009 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.655344963 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.655355930 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.655426979 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.655427933 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.655651093 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.655661106 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.655670881 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.655776978 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.659130096 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.659142017 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.659239054 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.659277916 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.659497976 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.660588980 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.660717010 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.660722017 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.660732031 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.660809040 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.660864115 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.660952091 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.660972118 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.660990953 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.661001921 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.661003113 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:43.661148071 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.661158085 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.661309004 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.661319017 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.661427975 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.661441088 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.661448956 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.661590099 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.661600113 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.661607981 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.664794922 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.665941000 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.665951014 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666073084 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666084051 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666093111 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666101933 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666215897 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666224957 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666357040 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666367054 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666378021 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666388035 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666496992 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666506052 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666516066 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666625977 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666635036 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666645050 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666655064 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666662931 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666673899 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666744947 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666754007 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666763067 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666773081 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:43.666781902 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:44.535182953 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:44.645056963 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:48.695359945 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:48.700359106 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:48.912950993 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:48.913156033 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:48.913204908 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:48.913398027 CEST49744587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:48.914715052 CEST49749587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:48.918133020 CEST5874974477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:48.919504881 CEST5874974977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:48.919578075 CEST49749587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:49.671139002 CEST5874974977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:49.672353983 CEST49749587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:49.677216053 CEST5874974977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:49.787911892 CEST49749587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:49.793243885 CEST5874974977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:49.796056032 CEST49749587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:49.843933105 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:49.848952055 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:49.852155924 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:50.475076914 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:50.475260973 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:50.480868101 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:50.697629929 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:50.697783947 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:50.702624083 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:50.919424057 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:50.919895887 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:50.924863100 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:51.143627882 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:51.143651962 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:51.143662930 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:51.143914938 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:51.143980980 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:51.147898912 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:51.160017967 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:51.164932966 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:51.381934881 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:51.388044119 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:51.392942905 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:51.610084057 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:51.616156101 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:51.622412920 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:51.839143038 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:51.840816975 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:51.845778942 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.204037905 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.204369068 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.209402084 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.435025930 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.435322046 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.440612078 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.467679977 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.472563982 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.672276974 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.672452927 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.677614927 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.685452938 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.685497999 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.685549974 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.685992002 CEST49742587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.688030005 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.690769911 CEST5874974277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.692858934 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.692924976 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.896027088 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.896373987 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.896401882 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.896450043 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.896498919 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.897840977 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.903208971 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.903222084 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.903232098 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.903242111 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.903291941 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.904679060 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.904691935 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.904704094 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.904712915 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.904736996 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.904767036 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.904803038 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.904856920 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.904961109 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.904970884 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.905009031 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.905025005 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.909069061 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.909085035 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.909126043 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.909126043 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.909708023 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.909754038 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.910125971 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.910176039 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.911242008 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.911289930 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.911386013 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.911429882 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.911549091 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.911559105 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.911571026 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.911601067 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.911636114 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.913137913 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.913149118 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.913188934 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.913213968 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.915723085 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.915785074 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.916215897 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.916271925 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.916557074 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.916609049 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.922312021 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.922367096 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.922384024 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.922394037 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.922445059 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.922519922 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.922530890 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.922642946 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.922642946 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:52.932914972 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.932929039 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.932939053 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.932949066 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.932956934 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.932966948 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.932976961 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.932986975 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.938950062 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.938968897 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.938978910 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.938987970 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.938997030 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939007044 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939016104 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939023972 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939033985 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939042091 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939050913 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939059973 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939068079 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939078093 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939088106 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939097881 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939106941 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939116001 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939125061 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939135075 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939143896 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939152956 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939162016 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939171076 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939181089 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939194918 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939203978 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939213991 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939223051 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939232111 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:52.939240932 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:53.546324968 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:53.581866026 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:53.586790085 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:53.814362049 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:53.818017960 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:53.823499918 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:53.937941074 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.051852942 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.052287102 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:54.057193041 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.084084034 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:54.156032085 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:54.161978006 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.286106110 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.286128998 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.286144972 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.286189079 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:54.286212921 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.286227942 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.286233902 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.286299944 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:54.288402081 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:54.293977976 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.380776882 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.380992889 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.381047010 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:54.381246090 CEST49748587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:54.382707119 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:54.387320995 CEST5874974877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.387963057 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.388039112 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:54.406003952 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:54.413379908 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.413444996 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:54.521908045 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.523010969 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:54.527868032 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.941240072 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:54.941565990 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:54.946482897 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.014992952 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.016294003 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:55.021615982 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.179315090 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.181871891 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:55.186978102 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.232875109 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.233099937 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:55.238007069 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.273555040 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.278544903 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:55.284111023 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.430259943 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.430510044 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:55.435390949 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.448677063 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.449879885 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:55.454757929 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.503750086 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.504374981 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:55.509255886 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.667160034 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.667182922 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.667212963 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.667239904 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:55.667313099 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.667326927 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.668454885 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:55.669230938 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:55.670130968 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.670578003 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:55.674036026 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.675367117 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.729125977 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.729579926 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:55.734460115 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.884825945 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.900687933 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:55.905826092 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.912156105 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.915903091 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:55.920726061 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.955809116 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.955874920 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.955889940 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.955935955 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:55.956104994 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:55.956150055 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:55.992604017 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:55.997543097 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.117149115 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.117342949 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.122159958 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.149491072 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.149848938 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.149884939 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.149926901 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.149986029 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.151705027 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.156431913 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.156488895 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.156562090 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.156711102 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.156907082 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.156944036 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.157378912 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.157432079 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.157514095 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.157529116 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.157562971 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.157569885 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.157581091 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.157587051 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.157593012 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.157619953 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.157649994 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.158585072 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.158634901 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.162036896 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.162048101 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.162094116 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.162122011 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.162549019 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.162594080 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.163184881 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.163198948 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.163228989 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.163247108 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.163263083 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.163292885 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.163316011 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.163336992 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.163355112 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.163403034 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.164439917 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.164460897 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.164494038 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.164518118 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.165668011 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.165714979 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.168638945 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.168723106 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.169121027 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.169178963 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.169209003 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.169256926 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.169331074 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.169382095 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.169405937 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.169416904 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.169440985 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.169451952 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.169471025 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.169471025 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.169881105 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.169891119 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.171823978 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.181935072 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.217372894 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.218796015 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.225578070 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.335089922 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.335314035 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.342246056 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.445328951 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.445568085 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.450825930 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.580419064 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.580663919 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.585516930 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.670720100 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.671324015 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.676368952 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.804275990 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.804523945 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.810275078 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.907588005 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.907810926 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:56.912667990 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:56.990791082 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.039179087 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.042036057 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.047910929 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.138679028 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.138900995 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.145056009 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.161879063 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.258513927 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.258980989 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.258980989 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.259049892 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.259049892 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.261909962 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.266515970 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.266530037 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.266540051 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.266639948 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.268893003 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.268989086 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.270209074 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.270298958 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.270308018 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.270317078 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.270334005 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.270334005 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.270344019 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.270354033 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.270359039 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.270368099 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.270371914 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.270384073 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.270441055 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.270441055 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.274104118 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.274312973 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.276428938 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.276494980 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.277689934 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.277764082 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.278274059 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.278373003 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.278397083 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.278558016 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.278573990 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.278609037 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.278620958 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.282135010 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.282227993 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.284032106 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.284204960 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.285376072 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.285691023 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.285768986 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.285778999 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.285883904 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.285932064 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.285942078 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.286061049 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.286070108 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.286355972 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.286519051 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.289722919 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.289732933 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.289741993 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.289851904 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.291794062 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.291802883 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.291815042 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.291932106 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.293128967 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.293138981 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.293272972 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.293282986 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.293292999 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.293420076 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.293553114 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.293562889 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.372344971 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.374130964 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.382074118 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.600717068 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.604577065 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.604633093 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.604633093 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.604878902 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.608098030 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.609462023 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.609472990 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.609483004 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.609704971 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.609705925 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.611975908 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.613075972 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.613086939 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.613095999 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.613106012 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.613126040 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.613135099 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.613143921 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.613166094 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.613172054 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.613172054 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.613207102 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.613221884 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.614576101 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.614762068 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.616897106 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.618041039 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.618087053 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.618128061 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.618144989 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.618155956 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.618191957 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.618191957 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.618243933 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.618263960 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.618333101 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.619610071 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.619673967 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.619879007 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.622946978 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.623234034 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.623246908 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.623311996 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.623367071 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:57.623397112 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.623405933 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.623414993 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.623441935 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.623451948 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.623471022 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.623480082 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.623492956 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.624532938 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.624541998 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.624697924 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.627741098 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.627752066 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.627824068 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.627834082 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.627883911 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.627895117 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.627945900 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.628259897 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.628278971 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.628289938 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.628376007 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.628386021 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.628403902 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.628415108 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.628577948 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.628588915 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.628606081 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.628616095 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.628635883 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:57.628645897 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:58.102988005 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:58.160670042 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:58:58.448805094 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:58:58.518594980 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:03.496855974 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:03.501883030 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:03.721838951 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:03.722002983 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:03.722148895 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:03.723304987 CEST49753587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:03.723962069 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:03.728152037 CEST5874975377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:03.728799105 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:03.728972912 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:04.375471115 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:04.375613928 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:04.380470037 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:04.608098030 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:04.608318090 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:04.613187075 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:04.840655088 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:04.841027975 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:04.847207069 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:05.122000933 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:05.122029066 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:05.122042894 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:05.122260094 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:05.122277975 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:05.122292042 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:05.122302055 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:05.122387886 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:05.124203920 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:05.128988028 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:05.356764078 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:05.357775927 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:05.362593889 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:05.782933950 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:05.784506083 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:05.789762020 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.017240047 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.017581940 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:06.022686958 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.270448923 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.270875931 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:06.276295900 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.516921997 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.517209053 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:06.522330999 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.752784014 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.753077030 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:06.757909060 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.985447884 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.988398075 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:06.988398075 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:06.988543987 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:06.988543987 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:06.991929054 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:06.993288040 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.993388891 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.993412018 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.993422031 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.993562937 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:06.997104883 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.997126102 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.997176886 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.997188091 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.997267962 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.997275114 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:06.997365952 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.998394012 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.998436928 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:06.998444080 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.998492002 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.998729944 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.998749971 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:06.998778105 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:07.001637936 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:07.002120972 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.002140999 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.002384901 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.002432108 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:07.003328085 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.003374100 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.003428936 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:07.003555059 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.003648043 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.003696918 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:07.003784895 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.004195929 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:07.009042978 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009053946 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009063005 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009073019 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009082079 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009104967 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009114027 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009123087 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009126902 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009135008 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009145975 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009155035 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009164095 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009169102 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:07.009172916 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009183884 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009200096 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009208918 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009217978 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009227991 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009234905 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:07.009248018 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009258032 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009265900 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009275913 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009279013 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:07.009294033 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009304047 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009313107 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.009345055 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014527082 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014537096 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014545918 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014621019 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014630079 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014638901 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014642954 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014647007 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014657021 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014666080 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014677048 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014695883 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014707088 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014717102 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014725924 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014734983 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014744997 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014754057 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.014764071 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:07.988013983 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:08.160700083 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:09.858912945 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:09.863936901 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:10.092130899 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:10.092152119 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:10.092236042 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:10.092737913 CEST49754587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:10.094362020 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:10.097801924 CEST5874975477.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:10.099306107 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:10.099375963 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:11.078285933 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:11.103054047 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:11.109119892 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:11.422039032 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:11.426070929 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:11.431794882 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:11.530078888 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:11.536185980 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:11.650269985 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:11.654261112 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:11.660212040 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:11.752686024 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:11.754277945 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:11.754595995 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:11.757909060 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:11.757987976 CEST49750587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:11.766488075 CEST5874975077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:11.768377066 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:11.770052910 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:11.880964041 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:11.881002903 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:11.881022930 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:11.881201029 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:11.881232977 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:11.884107113 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:11.887918949 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:11.893399000 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:12.112945080 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:12.115178108 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:12.120157003 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:12.531441927 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:12.531716108 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:12.534254074 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:12.534405947 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:12.536720037 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:12.541054010 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:12.752820969 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:12.753010988 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:12.755901098 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:12.756196976 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:12.757903099 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:12.761063099 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:12.971375942 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:12.971870899 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:12.980287075 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:12.991173983 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:12.996226072 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.003180981 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.195684910 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.195709944 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.195723057 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.195947886 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.196255922 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.199909925 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.204768896 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.230772972 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.232924938 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.240838051 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.417700052 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.441930056 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.448616028 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.466794014 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.473433018 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.479393959 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.660402060 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.660795927 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.665739059 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.698260069 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.698685884 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.698685884 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.698883057 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.698934078 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.701919079 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.703664064 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.703783989 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.703850985 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.703882933 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.703917027 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.704127073 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.707257986 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.707287073 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.707319975 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.707509041 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.708512068 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.708791018 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.709084988 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.709958076 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.712511063 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.712570906 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.712620020 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.712620974 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.712649107 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.712702990 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.712811947 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.712852001 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.712903976 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.713051081 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.713726044 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.713753939 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.713800907 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.713898897 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.714939117 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.715053082 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.715097904 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.715215921 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.717556953 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.717617035 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.717667103 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.717710018 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.717789888 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.717829943 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.717840910 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.717873096 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.717968941 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.718024969 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.718053102 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.718084097 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.718132973 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.718161106 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.718210936 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.718239069 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.718281031 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.718312979 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.718753099 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.719898939 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.719929934 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.719981909 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.720010996 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.720037937 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.720067024 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.720093966 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.720153093 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.720180988 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.720207930 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.720264912 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.720292091 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.720319986 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.720346928 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.720382929 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.722939968 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.723423004 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.723450899 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.723479033 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.723535061 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.723563910 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.723618031 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.723661900 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.723690033 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.723717928 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.878721952 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.882147074 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.887279987 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:13.953295946 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:13.958342075 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.123409033 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.123660088 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:14.128477097 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.186139107 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.186450005 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.186506033 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:14.186681032 CEST49751587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:14.188278913 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:14.191524029 CEST5874975177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.193300009 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.193378925 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:14.350290060 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.350744009 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:14.355580091 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.590106010 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.590320110 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:14.595340014 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.788891077 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.808201075 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.808773041 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:14.808861971 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:14.808897018 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:14.809019089 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:14.810867071 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:14.814064980 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.814120054 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:14.814631939 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.814713955 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.814727068 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.814783096 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:14.816404104 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.816414118 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.816422939 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.816427946 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.816440105 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.816448927 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.816495895 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.816957951 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.816967010 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.819886923 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.819928885 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.900464058 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:14.953675032 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.953804970 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:14.958826065 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.973232031 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:14.978308916 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:14.979978085 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:15.001185894 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.001579046 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.001590014 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.001746893 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:15.001791954 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:15.003829002 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.004129887 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:15.007164955 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007189035 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007241964 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007251024 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007261038 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007271051 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:15.007271051 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:15.007307053 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007318020 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007335901 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007384062 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007392883 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007402897 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007421970 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007431030 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007451057 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007464886 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007472992 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007484913 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007527113 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007535934 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007545948 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007580996 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007591009 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007605076 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007616043 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.007625103 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.009234905 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.009247065 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.009255886 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.009279966 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.009288073 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.009296894 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.012268066 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.012284040 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.012295008 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.012305975 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.012351036 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.012362003 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.012372971 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.182599068 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.184077978 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:15.188911915 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.412640095 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.413037062 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:15.417937040 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.643104076 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.643131018 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.643142939 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.643306017 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:15.643389940 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.643560886 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:15.648015022 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:15.652981043 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.752844095 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.836146116 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:15.882220030 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:15.884955883 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:15.890409946 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:16.114187002 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:16.114403009 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:16.119326115 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:16.342829943 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:16.343170881 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:16.348078012 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:16.582284927 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:16.582529068 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:16.588577986 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:16.823565960 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:16.823811054 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:16.829087019 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.058393002 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.060070992 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.064965010 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.288820982 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.292637110 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.292704105 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.292704105 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.294111013 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.294111013 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.297646999 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.297682047 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.297709942 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.297842979 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.299236059 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.299247980 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.299268961 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.299278975 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.299349070 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.299374104 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.299397945 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.299410105 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.299417973 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.299422979 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.299454927 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.299550056 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.302323103 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.302334070 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.302440882 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.302747965 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.302839994 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.304536104 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.304639101 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.304682970 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.304724932 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.304769039 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.304847002 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.308572054 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.308881998 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.308989048 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.309631109 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.309856892 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.310509920 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.310610056 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.315521002 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.315649033 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.315721035 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.315732002 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.315742970 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.315761089 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.315762043 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.315772057 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.315784931 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.315785885 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.315798998 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.315892935 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:17.316808939 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.316914082 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.316926956 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.316999912 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.317009926 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.317053080 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.317116022 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.317126036 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.317192078 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.317200899 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.317394972 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.317473888 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.317483902 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.318192005 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.318202019 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.318211079 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.318221092 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.318229914 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.320296049 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.320307016 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.320314884 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.320723057 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.320734024 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.320756912 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.320769072 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.320789099 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.320799112 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.320815086 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.320930004 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.320940971 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.320990086 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.321000099 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:17.321043015 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:18.204904079 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:18.270061970 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:26.584124088 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:26.590137005 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:26.819478035 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:26.819631100 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:26.819683075 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:26.820019960 CEST49757587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:26.821584940 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:26.824870110 CEST5874975777.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:26.826427937 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:26.826493979 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:27.465300083 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:27.465500116 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:27.470438957 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:27.692715883 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:27.692893028 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:27.697818041 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:27.920177937 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:27.920882940 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:27.925761938 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:28.149570942 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:28.149610996 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:28.149632931 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:28.149666071 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:28.149800062 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:28.149874926 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:28.151993990 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:28.157520056 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:28.379678011 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:28.380934000 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:28.385730982 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:28.608026028 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:28.608378887 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:28.613327980 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:28.835401058 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:28.835686922 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:28.840498924 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.099162102 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.099378109 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.105532885 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.334297895 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.334738016 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.339585066 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.580524921 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.581096888 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.586003065 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.808314085 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.808691025 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.808716059 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.808893919 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.808893919 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.810388088 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.813566923 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.813676119 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.813694000 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.813705921 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.813828945 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.813931942 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.815340996 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.815356016 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.815371037 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.815386057 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.815422058 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.815423012 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.815438032 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.815442085 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.815453053 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.815465927 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.815480947 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.815490007 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.815512896 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.815587044 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.818582058 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.818687916 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.818789005 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.820424080 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.820461988 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.820478916 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.820499897 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.820553064 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.820573092 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.820590973 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.820609093 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.820655107 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.820666075 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.820713997 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.820755005 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.820822954 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.820858002 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.821005106 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.821093082 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.823595047 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.823708057 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.825428963 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.825535059 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.825700998 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.825759888 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.825822115 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.825865030 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:29.826003075 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826037884 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826086998 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826138020 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826173067 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826222897 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826237917 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826313972 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826328993 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826347113 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826360941 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826457977 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826472998 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826489925 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826618910 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826633930 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826649904 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826667070 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.826683044 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.828665018 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.830212116 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.830233097 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.830260038 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.830439091 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.830451965 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.830593109 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.830605984 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.830811977 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.830825090 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.830838919 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.830852032 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.830878973 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.830893040 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.830908060 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.830951929 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.830965042 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:29.830979109 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:30.652391911 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:30.738817930 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:31.296365976 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:31.301209927 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:31.513732910 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:31.514022112 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:31.514168978 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:31.514226913 CEST49756587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:31.515520096 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:31.519350052 CEST5874975677.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:31.520546913 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:31.520633936 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:32.146977901 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:32.147170067 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:32.152228117 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:32.365849018 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:32.366039991 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:32.370965958 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:32.584547997 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:32.585088968 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:32.590029955 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:32.805392981 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:32.805515051 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:32.805530071 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:32.805581093 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:32.805588961 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:32.805663109 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:32.807341099 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:32.812463999 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:33.027498960 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:33.028510094 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:33.033796072 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:33.247024059 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:33.247304916 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:33.252372980 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:33.465761900 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:33.470431089 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:33.475548029 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:33.716888905 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:33.717089891 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:33.722091913 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:33.945719004 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:33.945914030 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:33.950876951 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.182892084 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.183305025 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.188185930 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.401875973 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.402199984 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.402251959 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.402251959 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.402420044 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.403954983 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.408241987 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.408301115 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.408313036 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.408328056 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.408365011 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.408415079 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.409790039 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.409801006 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.409900904 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.409910917 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.409912109 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.409914970 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.409919977 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.409938097 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.409941912 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.409945965 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.410162926 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.415903091 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.415913105 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.415952921 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.415990114 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.416018963 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.416044950 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.416172028 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.416196108 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.416275024 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.416301012 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.416361094 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.416449070 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.416487932 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.416711092 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.420922995 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.420996904 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421030045 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.421060085 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421098948 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.421130896 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.421144009 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421156883 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421190977 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.421207905 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421217918 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.421320915 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.421322107 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:34.421322107 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421364069 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421469927 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421547890 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421602964 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421674013 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421685934 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421695948 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421705008 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421760082 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421770096 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421782017 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421792984 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421812057 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421822071 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421832085 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.421840906 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.423127890 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.423137903 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.423228025 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.423238039 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427074909 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427571058 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427582026 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427622080 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427639008 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427649021 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427659035 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427714109 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427723885 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427733898 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427745104 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427767038 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427776098 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427786112 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427795887 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427819014 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427829027 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:34.427917004 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:35.295099020 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:35.473377943 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:40.154010057 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:40.158904076 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:40.378061056 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:40.378101110 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:40.378465891 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:40.378868103 CEST49755587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:40.381917953 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:40.384653091 CEST5874975577.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:40.390216112 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:40.394373894 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:41.225677967 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:41.225852013 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:41.231751919 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:41.451735973 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:41.451936007 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:41.457025051 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:41.676901102 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:41.677335978 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:41.682176113 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:41.907464027 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:41.907481909 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:41.907493114 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:41.907504082 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:41.907536030 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:41.907572985 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:41.909852982 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:41.915165901 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:42.139839888 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:42.144143105 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:42.148988008 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:42.368982077 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:42.369302034 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:42.374116898 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:42.594079018 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:42.594511032 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:42.599350929 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:42.830271006 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:42.830517054 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:42.836853981 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.063397884 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.063662052 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.068545103 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.425149918 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.425525904 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.430533886 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.650965929 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.651365995 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.651432037 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.651493073 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.657104969 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.657121897 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.657130957 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.681912899 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.683782101 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.686783075 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.686844110 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.688919067 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.688930035 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.688975096 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.688982010 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.688992977 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.689026117 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.689034939 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.689043045 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.689043999 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.689054012 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.689063072 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.689071894 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.689107895 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.692353964 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.692364931 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.692414045 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.694796085 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.694844007 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.694848061 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.694860935 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.694905996 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.694926023 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.695018053 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.695064068 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.695970058 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.696012020 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.696039915 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.696049929 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.696084023 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.696105957 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.697267056 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.697320938 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.697472095 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.697520018 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.699754953 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.699764967 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.699791908 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.699800968 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.699807882 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.699817896 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.699843884 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:43.699925900 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.700042963 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.700052023 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.700064898 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.700105906 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.700114012 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.700148106 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.700186014 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.700217009 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.700879097 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.700886965 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.700897932 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.702044010 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.702054024 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.702101946 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.702111006 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.702119112 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.702126980 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.702181101 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.702192068 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.702202082 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.702214003 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.702234983 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.702245951 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.702259064 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.702311039 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.702397108 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.702405930 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.702538967 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.704716921 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.704725981 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.704741955 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.704751015 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.704758883 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.704767942 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.704791069 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:43.704799891 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:44.569657087 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:44.645123959 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:51.455748081 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:51.460942030 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:51.674551010 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:51.674720049 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:51.674814939 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:51.675223112 CEST49759587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:51.676949024 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:51.680955887 CEST5874975977.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:51.681754112 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:51.681868076 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:52.309062004 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:52.310084105 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:52.317089081 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:52.539174080 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:52.539390087 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:52.544174910 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:52.767983913 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:52.770461082 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:52.775335073 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:53.000736952 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:53.000757933 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:53.000770092 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:53.000869989 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:53.000966072 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:53.002027035 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:53.005973101 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:53.010797977 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:53.234920979 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:53.236126900 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:53.242130041 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:53.465986013 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:53.466259003 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:53.471086025 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:53.695009947 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:53.695384026 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:53.700238943 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:53.948098898 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:53.948369026 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:53.953167915 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.189246893 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.192253113 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.199595928 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.545630932 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.548331976 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.553622961 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.777430058 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.780311108 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.780375957 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.780375957 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.780457973 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.781866074 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.785331964 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.785381079 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.785409927 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.785444975 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.785554886 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.786796093 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.786849022 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.786932945 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.786942005 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.786969900 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.787043095 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.787055016 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.787065983 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.787106037 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.787127018 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.790221930 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.790231943 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.790437937 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.790570021 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.790688038 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.791825056 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.791848898 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.791930914 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.791951895 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.791989088 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.792004108 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.792020082 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.792047024 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.792069912 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.792162895 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.792264938 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.795489073 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.795542955 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.795669079 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.796942949 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.797046900 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.797086000 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.797194004 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.797204018 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.797208071 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:54.797529936 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.797539949 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.797549009 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.797558069 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.797568083 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.797576904 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.797585011 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.797594070 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.797602892 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.797610998 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.797626972 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.800580978 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.800611019 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.800642014 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.801789045 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.801822901 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.801850080 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.801922083 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.801934958 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.801945925 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.801959991 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.801971912 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.801983118 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.801994085 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.802004099 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.802071095 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.802117109 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.802125931 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.802161932 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.802171946 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.802179098 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.802187920 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.802279949 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.802314043 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.802324057 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.802331924 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:54.802342892 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:55.618292093 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:55.660713911 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:55.967689037 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:55.967782021 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:58.753928900 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:58.759047031 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:58.986637115 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:58.986712933 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:58.986839056 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:58.987313986 CEST49758587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:58.988805056 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 08:59:58.992676973 CEST5874975877.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:58.994023085 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 08:59:58.994122982 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:00.695794106 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:00.696543932 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:00.697474003 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:00.697593927 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:00.697593927 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:00.697732925 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:00.702797890 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:00.927169085 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:00.928838015 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:00.933739901 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:01.158061028 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:01.175113916 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:01.180071115 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:02.381144047 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:02.381166935 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:02.381179094 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:02.381251097 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:02.381283045 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:02.381284952 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:02.381325006 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:02.381407022 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:02.381820917 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:02.382477999 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:02.384135962 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:02.384160995 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:02.384160995 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:02.389049053 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:02.616494894 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:02.623961926 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:02.629360914 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:02.854564905 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:02.856518984 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:02.862576962 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:03.086591005 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:03.086929083 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:03.091959000 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:03.336848974 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:03.337167978 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:03.342036009 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:03.581690073 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:03.582010031 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:03.586930037 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:03.833791018 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:03.834055901 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:03.838948011 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.063047886 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.063388109 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.063424110 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.063460112 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.063508987 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.066618919 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.068228960 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.068283081 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.068293095 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.068344116 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.068468094 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.068519115 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.071715117 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.071768999 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.071813107 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.071863890 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.071929932 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.071939945 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.071983099 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.072017908 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.072030067 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.072041035 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.072076082 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.072110891 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.073390007 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.073455095 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.073549032 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.073597908 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.073966026 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.073976994 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.074026108 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.076891899 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.077059984 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.077419996 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.077917099 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.078778982 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.078819990 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.078844070 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.079121113 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.079164028 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.083878040 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.083919048 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.084017038 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084055901 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.084225893 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084326029 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084369898 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:04.084397078 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084408045 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084470987 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084487915 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084506989 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084543943 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084777117 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084786892 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084796906 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084805965 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084815979 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084825039 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084834099 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084842920 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084861994 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084872007 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084881067 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084922075 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.084932089 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.088972092 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.088999987 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.089052916 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.089062929 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.089107037 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.089117050 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.089164019 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.089174032 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.089209080 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.089225054 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.089250088 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.089277029 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.089340925 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.089350939 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.089370012 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:04.089476109 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:05.122483969 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:05.270090103 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:13.103302002 CEST5874975277.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:13.103368044 CEST49752587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:16.202003956 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:16.206969023 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:16.433407068 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:16.433898926 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:16.434161901 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:16.434520960 CEST49763587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:16.437947989 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:16.440536022 CEST5874976377.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:16.444560051 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:16.444766045 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:17.073498011 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:17.074194908 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:17.079046965 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:17.306154013 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:17.306390047 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:17.312644005 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:17.535521984 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:17.536788940 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:17.541858912 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:17.767878056 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:17.767921925 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:17.767932892 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:17.767944098 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:17.767950058 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:17.768063068 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:17.812971115 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:17.817887068 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:18.042572021 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:18.043610096 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:18.048588991 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:18.272907972 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:18.273174047 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:18.278033972 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:18.502270937 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:18.506215096 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:18.511601925 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:18.751840115 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:18.754180908 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:18.759867907 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:18.993694067 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:18.995590925 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.000526905 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.227478981 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.227673054 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.232603073 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.456947088 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.457479000 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.457535982 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.457576036 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.457794905 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.461842060 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.462367058 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.462423086 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.462450027 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.462503910 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.462582111 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.462640047 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.466669083 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.466727018 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.466742992 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.466753006 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.466775894 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.466789007 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.466814995 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.466831923 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.466847897 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.466880083 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.467036963 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.467046976 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.467067957 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.467103958 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.467107058 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.467145920 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.467174053 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.467279911 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.467331886 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.467433929 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.467485905 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.471622944 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.471673965 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.471760035 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.471848965 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.471887112 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.471986055 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.472026110 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.472035885 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.472088099 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.472115040 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.472125053 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.472177029 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.472234011 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.472285986 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.472362041 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.472409964 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.476571083 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.476634026 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.476728916 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.476773977 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:19.476784945 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.476799011 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.476816893 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.476821899 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.476896048 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.476910114 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.476936102 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.476949930 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.476962090 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.476991892 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477005005 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477027893 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477041006 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477051973 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477111101 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477123976 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477135897 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477148056 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477163076 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477174044 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477200031 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477212906 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477225065 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477317095 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477329969 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477355003 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477366924 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477379084 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477394104 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.477406025 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.481467009 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.481481075 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.481532097 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.481578112 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.481652021 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.481664896 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.481678963 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.481733084 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:19.481746912 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:20.196113110 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:20.201025009 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:20.418690920 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:20.426747084 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:20.426872969 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:20.427228928 CEST49761587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:20.431994915 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:20.434029102 CEST5874976177.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:20.436906099 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:20.437165976 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:20.473516941 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:21.062767029 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:21.063066959 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:21.067910910 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:21.285887003 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:21.286082983 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:21.290882111 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:21.508758068 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:21.509253025 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:21.514111996 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:21.733587980 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:21.733608961 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:21.733620882 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:21.733661890 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:21.733669996 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:21.733712912 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:21.736376047 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:21.741247892 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:21.959598064 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:21.961325884 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:21.966162920 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:22.054306030 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:22.059195995 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:22.184392929 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:22.188425064 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:22.193316936 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:22.283387899 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:22.283668041 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:22.283803940 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:22.285087109 CEST49764587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:22.285089016 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:22.289947987 CEST5874976477.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:22.289959908 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:22.294048071 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:22.411046982 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:22.411531925 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:22.416309118 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:23.578221083 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:23.578464031 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:23.578526974 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:23.578562021 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:23.578638077 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:23.578650951 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:23.578684092 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:23.578780890 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:23.578814030 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:23.578814030 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:23.578847885 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:23.578897953 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:23.583364964 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:23.583374977 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:23.583523989 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:23.808073997 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:23.808233976 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:23.811598063 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:23.811767101 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:23.813057899 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:23.816590071 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.034830093 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.035273075 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.040196896 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.045223951 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.045386076 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.050318956 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.263506889 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.263542891 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.263555050 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.263578892 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.263590097 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.263719082 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.265670061 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.268316031 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.268805027 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.268805027 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.268862009 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.270472050 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.273327112 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.273953915 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.273963928 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.273972034 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.275301933 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.278228045 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.278615952 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.280160904 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.280170918 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.280232906 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.280245066 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.280255079 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.280297995 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.280308008 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.280312061 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.280334949 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.280342102 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.280352116 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.280361891 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.280369997 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.280426025 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.280426025 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.280512094 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.280795097 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.283504963 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.284156084 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.285151958 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.285192966 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.285525084 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.285577059 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.285624027 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.285680056 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.285747051 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.285778046 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.285806894 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.285857916 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.289161921 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.289259911 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.290734053 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.290833950 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.290867090 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.290877104 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.290904999 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.290930986 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.290936947 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.291026115 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291052103 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.291053057 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.291073084 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291083097 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291165113 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291187048 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291197062 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291251898 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291260958 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291309118 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291317940 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291357994 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291367054 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291439056 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291449070 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291475058 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291486025 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291564941 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291574955 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291625977 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291635036 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291685104 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291693926 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291773081 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.291781902 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.294245005 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.295420885 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.295432091 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.295471907 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.295610905 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.295866013 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.295876026 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.295984983 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.296003103 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.296113014 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.296144009 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.296183109 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.296221972 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.492392063 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.493535042 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.498482943 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.720263004 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:24.724463940 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:24.729408026 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.021553040 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.024348974 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.029263020 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.146795988 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.252631903 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.267364979 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.267566919 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.272485971 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.508451939 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.508635998 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.513797045 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.739309072 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.739531994 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.744663000 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.966772079 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.967204094 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.967291117 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.967359066 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.967413902 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.969315052 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.972151041 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.972203016 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.972273111 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.972284079 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.972294092 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.972336054 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.974339008 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.974349976 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.974380970 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.974385023 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.974391937 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.974430084 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.974440098 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.974456072 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.974488974 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.976969004 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.976979971 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.976989985 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.977016926 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.977034092 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.977047920 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.977092028 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.977163076 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.977204084 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.979244947 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.979286909 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.979294062 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.979298115 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.979352951 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.979513884 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.979557037 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.979603052 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.979613066 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.979656935 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.979680061 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.981925011 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.981964111 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.981976032 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.982024908 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.982053041 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.982184887 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.982187986 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.982234955 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.984174013 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.984222889 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.984225035 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.984257936 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.984277010 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.984354019 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.984385967 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.984436035 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:25.984440088 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.984450102 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.984522104 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.984591961 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.984786034 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.986928940 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.986938953 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.987025976 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.987035990 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.987040043 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.987044096 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.987061977 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.987076998 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.987111092 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.987121105 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.988946915 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.988967896 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.988977909 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.989034891 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.989043951 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.989053011 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.989069939 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.989078999 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.989094973 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.989103079 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.989141941 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.989151955 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.989187002 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.989250898 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.989310026 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.989320040 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.989355087 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.989363909 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:25.989401102 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:27.471084118 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:27.660733938 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:28.721971989 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:28.726954937 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:28.947105885 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:28.947175980 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:28.947990894 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:28.948102951 CEST49760587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:28.948899984 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:28.952817917 CEST5874976077.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:28.953783035 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:28.953974962 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:29.564940929 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:29.565187931 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:29.570002079 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:29.785742998 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:29.810892105 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:29.815781116 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:30.031303883 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:30.031714916 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:30.037550926 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:30.254914999 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:30.254940987 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:30.254951954 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:30.255001068 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:30.255012989 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:30.255064964 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:30.255513906 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:30.257082939 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:30.261991978 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:30.478148937 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:30.498764992 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:30.503720045 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:30.722064018 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:30.722333908 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:30.729794979 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:30.942861080 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:30.946237087 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:30.951126099 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.185136080 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.187539101 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.192404985 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.415452003 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.415648937 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.420799017 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.643054962 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.643349886 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.649286985 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.864840031 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.865325928 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.865411997 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.865510941 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.865562916 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.870187044 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.870346069 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.870357037 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.870510101 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.873043060 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.877955914 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.877968073 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.877990961 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.878000021 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.878009081 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.878065109 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.878072023 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.878083944 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.878088951 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.878093004 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.878135920 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.878137112 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.878180981 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.878225088 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.878292084 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.882680893 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.882749081 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.882915020 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.882936001 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.882967949 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.882997990 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.883042097 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.883052111 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.883063078 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.883102894 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.883147001 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.883161068 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.883172989 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.883183956 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.883224964 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.883234978 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.883239031 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.883244991 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.883300066 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.883318901 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.883320093 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.883380890 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.888339043 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888354063 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888365984 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888374090 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888382912 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888391972 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888401031 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888411999 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888421059 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.888464928 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:31.888519049 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888528109 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888546944 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888556004 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888564110 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888577938 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888586998 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888595104 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888603926 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888632059 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888642073 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888684034 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888695955 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888719082 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888730049 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888740063 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888748884 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888776064 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888786077 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888833046 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.888840914 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.892549992 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.893466949 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.893542051 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.893556118 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.893655062 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.893666983 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.893683910 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.893748045 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.893758059 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.893765926 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.893781900 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:31.893790960 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:32.741188049 CEST5874976777.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:32.832706928 CEST49767587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:38.168395042 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:38.173365116 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:38.391700983 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:38.391725063 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:38.391875982 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:38.392211914 CEST49765587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:38.392465115 CEST49768587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:38.397000074 CEST5874976577.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:38.397280931 CEST5874976877.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:38.397341967 CEST49768587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:38.735780001 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:38.746572018 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:38.962527990 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:38.962690115 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:38.962737083 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:38.962990046 CEST49766587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:38.963340998 CEST49769587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:38.967734098 CEST5874976677.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:38.968115091 CEST5874976977.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:38.968466043 CEST49769587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:39.040590048 CEST5874976877.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:39.040831089 CEST49768587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:39.045686960 CEST5874976877.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:39.268198967 CEST5874976877.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:39.268480062 CEST49768587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:39.273314953 CEST5874976877.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:39.495768070 CEST5874976877.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:39.496258020 CEST49768587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:39.501091957 CEST5874976877.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:39.724944115 CEST5874976877.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:39.724992037 CEST5874976877.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:39.725003004 CEST5874976877.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:39.725071907 CEST5874976877.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:39.725078106 CEST49768587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:39.725316048 CEST49768587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:39.726900101 CEST49768587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:39.732047081 CEST5874976877.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:39.787188053 CEST5874976977.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:39.787400961 CEST49769587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:39.792251110 CEST5874976977.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:39.954798937 CEST5874976877.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:39.955959082 CEST49768587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:39.960787058 CEST5874976877.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:40.009175062 CEST5874976977.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:40.051423073 CEST49769587192.168.2.677.88.21.158
                                        Jul 3, 2024 09:00:40.184897900 CEST5874976877.88.21.158192.168.2.6
                                        Jul 3, 2024 09:00:40.228463888 CEST49768587192.168.2.677.88.21.158

                                        UDP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Jul 3, 2024 08:56:27.749515057 CEST6286353192.168.2.61.1.1.1
                                        Jul 3, 2024 08:56:27.758934975 CEST53628631.1.1.1192.168.2.6
                                        Jul 3, 2024 08:56:28.448509932 CEST5806353192.168.2.61.1.1.1
                                        Jul 3, 2024 08:56:28.455954075 CEST53580631.1.1.1192.168.2.6
                                        Jul 3, 2024 08:56:30.116430044 CEST5292253192.168.2.61.1.1.1
                                        Jul 3, 2024 08:56:30.125329018 CEST53529221.1.1.1192.168.2.6

                                        DNS Queries

                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                        Jul 3, 2024 08:56:27.749515057 CEST192.168.2.61.1.1.10xe729Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                        Jul 3, 2024 08:56:28.448509932 CEST192.168.2.61.1.1.10x487Standard query (0)ip-api.comA (IP address)IN (0x0001)false
                                        Jul 3, 2024 08:56:30.116430044 CEST192.168.2.61.1.1.10x7552Standard query (0)smtp.yandex.comA (IP address)IN (0x0001)false

                                        DNS Answers

                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                        Jul 3, 2024 08:56:27.758934975 CEST1.1.1.1192.168.2.60xe729No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                        Jul 3, 2024 08:56:27.758934975 CEST1.1.1.1192.168.2.60xe729No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                        Jul 3, 2024 08:56:27.758934975 CEST1.1.1.1192.168.2.60xe729No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                        Jul 3, 2024 08:56:28.455954075 CEST1.1.1.1192.168.2.60x487No error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                                        Jul 3, 2024 08:56:30.125329018 CEST1.1.1.1192.168.2.60x7552No error (0)smtp.yandex.comsmtp.yandex.ruCNAME (Canonical name)IN (0x0001)false
                                        Jul 3, 2024 08:56:30.125329018 CEST1.1.1.1192.168.2.60x7552No error (0)smtp.yandex.ru77.88.21.158A (IP address)IN (0x0001)false

                                        HTTP Request Dependency Graph

                                        • api.ipify.org
                                        • ip-api.com

                                        HTTP Packets

                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        0192.168.2.649716208.95.112.1806600C:\Users\user\Desktop\2024.scr.exe
                                        TimestampBytes transferredDirectionData
                                        Jul 3, 2024 08:56:28.462349892 CEST80OUTGET /line/?fields=hosting HTTP/1.1
                                        Host: ip-api.com
                                        Connection: Keep-Alive
                                        Jul 3, 2024 08:56:28.938529968 CEST175INHTTP/1.1 200 OK
                                        Date: Wed, 03 Jul 2024 06:56:27 GMT
                                        Content-Type: text/plain; charset=utf-8
                                        Content-Length: 6
                                        Access-Control-Allow-Origin: *
                                        X-Ttl: 60
                                        X-Rl: 44
                                        Data Raw: 66 61 6c 73 65 0a
                                        Data Ascii: false


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        1192.168.2.649723208.95.112.1806840C:\Users\user\AppData\Roaming\Logon32\Logon32.exe
                                        TimestampBytes transferredDirectionData
                                        Jul 3, 2024 08:56:42.052326918 CEST80OUTGET /line/?fields=hosting HTTP/1.1
                                        Host: ip-api.com
                                        Connection: Keep-Alive
                                        Jul 3, 2024 08:56:42.762269974 CEST175INHTTP/1.1 200 OK
                                        Date: Wed, 03 Jul 2024 06:56:41 GMT
                                        Content-Type: text/plain; charset=utf-8
                                        Content-Length: 6
                                        Access-Control-Allow-Origin: *
                                        X-Ttl: 46
                                        X-Rl: 43
                                        Data Raw: 66 61 6c 73 65 0a
                                        Data Ascii: false
                                        Jul 3, 2024 08:56:42.762798071 CEST175INHTTP/1.1 200 OK
                                        Date: Wed, 03 Jul 2024 06:56:41 GMT
                                        Content-Type: text/plain; charset=utf-8
                                        Content-Length: 6
                                        Access-Control-Allow-Origin: *
                                        X-Ttl: 46
                                        X-Rl: 43
                                        Data Raw: 66 61 6c 73 65 0a
                                        Data Ascii: false


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        2192.168.2.649731208.95.112.1805388C:\Users\user\AppData\Roaming\Logon32\Logon32.exe
                                        TimestampBytes transferredDirectionData
                                        Jul 3, 2024 08:56:50.147304058 CEST80OUTGET /line/?fields=hosting HTTP/1.1
                                        Host: ip-api.com
                                        Connection: Keep-Alive
                                        Jul 3, 2024 08:56:50.631933928 CEST175INHTTP/1.1 200 OK
                                        Date: Wed, 03 Jul 2024 06:56:49 GMT
                                        Content-Type: text/plain; charset=utf-8
                                        Content-Length: 6
                                        Access-Control-Allow-Origin: *
                                        X-Ttl: 38
                                        X-Rl: 42
                                        Data Raw: 66 61 6c 73 65 0a
                                        Data Ascii: false


                                        HTTPS Proxied Packets

                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        0192.168.2.649714104.26.13.2054436600C:\Users\user\Desktop\2024.scr.exe
                                        TimestampBytes transferredDirectionData
                                        2024-07-03 06:56:28 UTC155OUTGET / HTTP/1.1
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                        Host: api.ipify.org
                                        Connection: Keep-Alive
                                        2024-07-03 06:56:28 UTC211INHTTP/1.1 200 OK
                                        Date: Wed, 03 Jul 2024 06:56:28 GMT
                                        Content-Type: text/plain
                                        Content-Length: 11
                                        Connection: close
                                        Vary: Origin
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 89d4f9d159cc1971-EWR
                                        2024-07-03 06:56:28 UTC11INData Raw: 38 2e 34 36 2e 31 32 33 2e 33 33
                                        Data Ascii: 8.46.123.33


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        1192.168.2.649722104.26.13.2054436840C:\Users\user\AppData\Roaming\Logon32\Logon32.exe
                                        TimestampBytes transferredDirectionData
                                        2024-07-03 06:56:41 UTC155OUTGET / HTTP/1.1
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                        Host: api.ipify.org
                                        Connection: Keep-Alive
                                        2024-07-03 06:56:42 UTC211INHTTP/1.1 200 OK
                                        Date: Wed, 03 Jul 2024 06:56:41 GMT
                                        Content-Type: text/plain
                                        Content-Length: 11
                                        Connection: close
                                        Vary: Origin
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 89d4fa266cb40fa8-EWR
                                        2024-07-03 06:56:42 UTC11INData Raw: 38 2e 34 36 2e 31 32 33 2e 33 33
                                        Data Ascii: 8.46.123.33


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        2192.168.2.649730104.26.13.2054435388C:\Users\user\AppData\Roaming\Logon32\Logon32.exe
                                        TimestampBytes transferredDirectionData
                                        2024-07-03 06:56:50 UTC155OUTGET / HTTP/1.1
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                        Host: api.ipify.org
                                        Connection: Keep-Alive
                                        2024-07-03 06:56:50 UTC211INHTTP/1.1 200 OK
                                        Date: Wed, 03 Jul 2024 06:56:50 GMT
                                        Content-Type: text/plain
                                        Content-Length: 11
                                        Connection: close
                                        Vary: Origin
                                        CF-Cache-Status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 89d4fa58d8a8c407-EWR
                                        2024-07-03 06:56:50 UTC11INData Raw: 38 2e 34 36 2e 31 32 33 2e 33 33
                                        Data Ascii: 8.46.123.33


                                        SMTP Packets

                                        TimestampSource PortDest PortSource IPDest IPCommands
                                        Jul 3, 2024 08:56:30.973474979 CEST5874971877.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-91.iva.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989790-UuQvFQ68NKo0
                                        Jul 3, 2024 08:56:30.973750114 CEST49718587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:56:31.192982912 CEST5874971877.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-91.iva.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:56:31.193267107 CEST49718587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:56:31.417881966 CEST5874971877.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:56:44.346386909 CEST5874972577.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-54.vla.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989804-iuQAeG6LkCg0
                                        Jul 3, 2024 08:56:44.349710941 CEST49725587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:56:44.736877918 CEST5874972577.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-54.vla.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:56:44.737101078 CEST49725587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:56:44.972678900 CEST5874972577.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:56:51.833400965 CEST5874973277.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-77.iva.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989811-puQrdGBXv8c0
                                        Jul 3, 2024 08:56:51.833730936 CEST49732587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:56:52.056874037 CEST5874973277.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-77.iva.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:56:52.057053089 CEST49732587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:56:52.280127048 CEST5874973277.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:57:56.345632076 CEST5874973877.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-91.myt.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989876-tvQRh2BMeSw0
                                        Jul 3, 2024 08:57:56.345782995 CEST49738587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:57:56.565087080 CEST5874973977.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-45.sas.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989876-uvQWlvCkJiE0
                                        Jul 3, 2024 08:57:56.565227985 CEST49739587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:57:56.568001032 CEST5874973877.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-91.myt.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:57:56.568120956 CEST49738587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:57:56.790924072 CEST5874973977.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-45.sas.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:57:56.790950060 CEST5874973877.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:57:56.791078091 CEST49739587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:57:57.016742945 CEST5874973977.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:58:07.534634113 CEST5874974177.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-87.sas.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989887-6wQG9oFOgKo0
                                        Jul 3, 2024 08:58:07.541846991 CEST49741587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:58:07.774717093 CEST5874974177.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-87.sas.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:58:07.781836033 CEST49741587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:58:08.014487028 CEST5874974177.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:58:15.491292000 CEST5874974277.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-92.myt.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989895-FwQYo7BOreA0
                                        Jul 3, 2024 08:58:15.491478920 CEST49742587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:58:15.710964918 CEST5874974277.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-92.myt.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:58:15.711803913 CEST49742587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:58:15.930042982 CEST5874974277.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:58:22.742201090 CEST5874974377.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-36.sas.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989902-MwQqI3GOdKo0
                                        Jul 3, 2024 08:58:22.742355108 CEST49743587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:58:22.974255085 CEST5874974377.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-36.sas.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:58:22.974423885 CEST49743587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:58:23.209619045 CEST5874974377.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:58:30.595355988 CEST5874974477.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-59.iva.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989910-UwQvW545J8c0
                                        Jul 3, 2024 08:58:30.595520020 CEST49744587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:58:30.813178062 CEST5874974477.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-59.iva.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:58:30.813335896 CEST49744587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:58:31.031236887 CEST5874974477.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:58:33.340214968 CEST5874974577.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-73.iva.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989913-XwQTas4VvW20
                                        Jul 3, 2024 08:58:33.341950893 CEST49745587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:58:33.559601068 CEST5874974577.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-73.iva.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:58:33.561990976 CEST49745587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:58:33.779735088 CEST5874974577.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:58:40.401215076 CEST5874974777.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-46.sas.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989920-ewQOUfFo6uQ0
                                        Jul 3, 2024 08:58:40.401485920 CEST49747587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:58:40.629669905 CEST5874974777.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-46.sas.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:58:41.345575094 CEST5874974877.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-37.myt.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989921-fwQE0LBOceA0
                                        Jul 3, 2024 08:58:41.345837116 CEST49748587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:58:41.569678068 CEST5874974877.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-37.myt.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:58:41.570063114 CEST49748587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:58:41.793855906 CEST5874974877.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:58:49.671139002 CEST5874974977.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-90.myt.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989929-nwQHG6B7OmI0
                                        Jul 3, 2024 08:58:49.672353983 CEST49749587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:58:50.475076914 CEST5874975077.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-85.iva.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989930-owQ4YIBoJ4Y0
                                        Jul 3, 2024 08:58:50.475260973 CEST49750587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:58:50.697629929 CEST5874975077.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-85.iva.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:58:50.697783947 CEST49750587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:58:50.919424057 CEST5874975077.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:58:53.546324968 CEST5874975177.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-52.vla.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989933-rwQ5DGCn4Ko0
                                        Jul 3, 2024 08:58:53.581866026 CEST49751587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:58:53.814362049 CEST5874975177.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-52.vla.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:58:53.818017960 CEST49751587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:58:54.051852942 CEST5874975177.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:58:55.014992952 CEST5874975277.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-77.iva.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989934-swQlgHBXwuQ0
                                        Jul 3, 2024 08:58:55.016294003 CEST49752587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:58:55.232875109 CEST5874975277.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-77.iva.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:58:55.233099937 CEST49752587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:58:55.273555040 CEST5874975377.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-55.vla.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989935-swQiJj5p6Os0
                                        Jul 3, 2024 08:58:55.278544903 CEST49753587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:58:55.448677063 CEST5874975277.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:58:55.503750086 CEST5874975377.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-55.vla.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:58:55.504374981 CEST49753587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:58:55.729125977 CEST5874975377.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:59:04.375471115 CEST5874975477.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-10.sas.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989944-4xQbSF7rKeA0
                                        Jul 3, 2024 08:59:04.375613928 CEST49754587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:59:04.608098030 CEST5874975477.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-10.sas.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:59:04.608318090 CEST49754587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:59:04.840655088 CEST5874975477.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:59:11.078285933 CEST5874975577.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-68.vla.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989950-AxQouXFoNuQ0
                                        Jul 3, 2024 08:59:11.103054047 CEST49755587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:59:11.422039032 CEST5874975577.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-68.vla.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:59:11.426070929 CEST49755587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:59:11.650269985 CEST5874975577.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:59:12.534254074 CEST5874975677.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-69.iva.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989952-CxQR354JiSw0
                                        Jul 3, 2024 08:59:12.534405947 CEST49756587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:59:12.752820969 CEST5874975677.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-69.iva.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:59:12.753010988 CEST49756587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:59:12.971375942 CEST5874975677.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:59:14.953675032 CEST5874975777.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-31.vla.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989954-ExQwmK6aqmI0
                                        Jul 3, 2024 08:59:14.953804970 CEST49757587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:59:15.182599068 CEST5874975777.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-31.vla.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:59:15.184077978 CEST49757587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:59:15.412640095 CEST5874975777.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:59:27.465300083 CEST5874975877.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-37.myt.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989967-RxQXRLBOeGk0
                                        Jul 3, 2024 08:59:27.465500116 CEST49758587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:59:27.692715883 CEST5874975877.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-37.myt.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:59:27.692893028 CEST49758587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:59:27.920177937 CEST5874975877.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:59:32.146977901 CEST5874975977.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-45.myt.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989972-WxQLY9Bo9Os0
                                        Jul 3, 2024 08:59:32.147170067 CEST49759587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:59:32.365849018 CEST5874975977.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-45.myt.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:59:32.366039991 CEST49759587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:59:32.584547997 CEST5874975977.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:59:41.225677967 CEST5874976077.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-74.vla.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989981-exQjPg5FbeA0
                                        Jul 3, 2024 08:59:41.225852013 CEST49760587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:59:41.451735973 CEST5874976077.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-74.vla.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:59:41.451936007 CEST49760587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:59:41.676901102 CEST5874976077.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 08:59:52.309062004 CEST5874976177.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-37.myt.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989992-qxQoeLBOlOs0
                                        Jul 3, 2024 08:59:52.310084105 CEST49761587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 08:59:52.539174080 CEST5874976177.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-37.myt.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 08:59:52.539390087 CEST49761587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 08:59:52.767983913 CEST5874976177.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 09:00:00.695794106 CEST5874976377.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-25.sas.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989999-xxQ5n9GmHSw0
                                        Jul 3, 2024 09:00:00.696543932 CEST5874976377.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-25.sas.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989999-xxQ5n9GmHSw0
                                        Jul 3, 2024 09:00:00.697474003 CEST5874976377.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-25.sas.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719989999-xxQ5n9GmHSw0
                                        Jul 3, 2024 09:00:00.697732925 CEST49763587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 09:00:00.927169085 CEST5874976377.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-25.sas.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 09:00:00.928838015 CEST49763587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 09:00:01.158061028 CEST5874976377.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 09:00:17.073498011 CEST5874976477.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-87.sas.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719990016-G0RJopFOieA0
                                        Jul 3, 2024 09:00:17.074194908 CEST49764587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 09:00:17.306154013 CEST5874976477.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-87.sas.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 09:00:17.306390047 CEST49764587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 09:00:17.535521984 CEST5874976477.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 09:00:21.062767029 CEST5874976577.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-54.iva.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719990020-K0R9Au7vC8c0
                                        Jul 3, 2024 09:00:21.063066959 CEST49765587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 09:00:21.285887003 CEST5874976577.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-54.iva.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 09:00:21.286082983 CEST49765587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 09:00:21.508758068 CEST5874976577.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 09:00:23.578650951 CEST5874976677.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-19.sas.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719990023-M0RGXEG7NqM0
                                        Jul 3, 2024 09:00:23.578780890 CEST5874976677.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-19.sas.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719990023-M0RGXEG7NqM0
                                        Jul 3, 2024 09:00:23.578814030 CEST49766587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 09:00:23.808073997 CEST5874976677.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-19.sas.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 09:00:23.808233976 CEST49766587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 09:00:24.034830093 CEST5874976677.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 09:00:29.564940929 CEST5874976777.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-54.vla.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719990029-T0R6LJ6Ln0U0
                                        Jul 3, 2024 09:00:29.565187931 CEST49767587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 09:00:29.785742998 CEST5874976777.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-54.vla.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 09:00:29.810892105 CEST49767587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 09:00:30.031303883 CEST5874976777.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 09:00:39.040590048 CEST5874976877.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-52.vla.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719990038-c0RrWHCnHOs0
                                        Jul 3, 2024 09:00:39.040831089 CEST49768587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 09:00:39.268198967 CEST5874976877.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-52.vla.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES
                                        Jul 3, 2024 09:00:39.268480062 CEST49768587192.168.2.677.88.21.158STARTTLS
                                        Jul 3, 2024 09:00:39.495768070 CEST5874976877.88.21.158192.168.2.6220 Go ahead
                                        Jul 3, 2024 09:00:39.787188053 CEST5874976977.88.21.158192.168.2.6220 mail-nwsmtp-smtp-production-main-81.myt.yp-c.yandex.net (Want to use Yandex.Mail for your domain? Visit http://pdd.yandex.ru) 1719990039-d0RAL5BOc4Y0
                                        Jul 3, 2024 09:00:39.787400961 CEST49769587192.168.2.677.88.21.158EHLO 216041
                                        Jul 3, 2024 09:00:40.009175062 CEST5874976977.88.21.158192.168.2.6250-mail-nwsmtp-smtp-production-main-81.myt.yp-c.yandex.net
                                        250-8BITMIME
                                        250-PIPELINING
                                        250-SIZE 53477376
                                        250-STARTTLS
                                        250-AUTH LOGIN PLAIN XOAUTH2
                                        250-DSN
                                        250 ENHANCEDSTATUSCODES

                                        Statistics

                                        CPU Usage

                                        Click to jump to process

                                        Memory Usage

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        Click to dive into process behavior distribution

                                        Behavior

                                        Click to jump to process

                                        System Behavior

                                        General

                                        Target ID:0
                                        Start time:02:56:24
                                        Start date:03/07/2024
                                        Path:C:\Users\user\Desktop\2024.scr.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\2024.scr.exe"
                                        Imagebase:0x290000
                                        File size:1'050'120 bytes
                                        MD5 hash:225EAFFF6079CB1E726BC1FF4255225C
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2151973804.000000000376C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2151973804.000000000376C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true

                                        General

                                        Target ID:3
                                        Start time:02:56:26
                                        Start date:03/07/2024
                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\2024.scr.exe"
                                        Imagebase:0xf0000
                                        File size:433'152 bytes
                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        General

                                        Target ID:4
                                        Start time:02:56:26
                                        Start date:03/07/2024
                                        Path:C:\Users\user\Desktop\2024.scr.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\2024.scr.exe"
                                        Imagebase:0xa20000
                                        File size:1'050'120 bytes
                                        MD5 hash:225EAFFF6079CB1E726BC1FF4255225C
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.4619512401.0000000002EBC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.4619512401.0000000002EBC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:false

                                        General

                                        Target ID:5
                                        Start time:02:56:26
                                        Start date:03/07/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff66e660000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        General

                                        Target ID:6
                                        Start time:02:56:28
                                        Start date:03/07/2024
                                        Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                        Imagebase:0x7ff717f30000
                                        File size:496'640 bytes
                                        MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                        Has elevated privileges:true
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        General

                                        Target ID:7
                                        Start time:02:56:38
                                        Start date:03/07/2024
                                        Path:C:\Users\user\AppData\Roaming\Logon32\Logon32.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Roaming\Logon32\Logon32.exe"
                                        Imagebase:0xb60000
                                        File size:1'050'120 bytes
                                        MD5 hash:225EAFFF6079CB1E726BC1FF4255225C
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.2291548460.000000000408D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.2291548460.000000000408D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Antivirus matches:
                                        • Detection: 100%, Joe Sandbox ML
                                        • Detection: 61%, ReversingLabs
                                        • Detection: 47%, Virustotal, Browse
                                        Reputation:low
                                        Has exited:true

                                        General

                                        Target ID:8
                                        Start time:02:56:40
                                        Start date:03/07/2024
                                        Path:C:\Users\user\AppData\Roaming\Logon32\Logon32.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Roaming\Logon32\Logon32.exe"
                                        Imagebase:0xfe0000
                                        File size:1'050'120 bytes
                                        MD5 hash:225EAFFF6079CB1E726BC1FF4255225C
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.4619569539.0000000003635000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.4619569539.0000000003635000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:false

                                        General

                                        Target ID:12
                                        Start time:02:56:47
                                        Start date:03/07/2024
                                        Path:C:\Users\user\AppData\Roaming\Logon32\Logon32.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Roaming\Logon32\Logon32.exe"
                                        Imagebase:0x600000
                                        File size:1'050'120 bytes
                                        MD5 hash:225EAFFF6079CB1E726BC1FF4255225C
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.2370533184.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000C.00000002.2370533184.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true

                                        General

                                        Target ID:13
                                        Start time:02:56:47
                                        Start date:03/07/2024
                                        Path:C:\Users\user\AppData\Roaming\Logon32\Logon32.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Roaming\Logon32\Logon32.exe"
                                        Imagebase:0xd10000
                                        File size:1'050'120 bytes
                                        MD5 hash:225EAFFF6079CB1E726BC1FF4255225C
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.4618767842.00000000030EC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000D.00000002.4618767842.00000000030EC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:false

                                        Disassembly

                                        Reset < >

                                          Execution Graph

                                          Execution Coverage:8.1%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:183
                                          Total number of Limit Nodes:8
                                          execution_graph 27340 d6d040 27341 d6d086 27340->27341 27345 d6d628 27341->27345 27348 d6d618 27341->27348 27342 d6d173 27346 d6d656 27345->27346 27351 d6d27c 27345->27351 27346->27342 27349 d6d27c DuplicateHandle 27348->27349 27350 d6d656 27349->27350 27350->27342 27352 d6d690 DuplicateHandle 27351->27352 27353 d6d726 27352->27353 27353->27346 27354 d6acb0 27358 d6ad97 27354->27358 27366 d6ada8 27354->27366 27355 d6acbf 27359 d6adb9 27358->27359 27360 d6addc 27358->27360 27359->27360 27374 d6b040 27359->27374 27378 d6b030 27359->27378 27360->27355 27361 d6add4 27361->27360 27362 d6afe0 GetModuleHandleW 27361->27362 27363 d6b00d 27362->27363 27363->27355 27367 d6adb9 27366->27367 27368 d6addc 27366->27368 27367->27368 27372 d6b040 LoadLibraryExW 27367->27372 27373 d6b030 LoadLibraryExW 27367->27373 27368->27355 27369 d6add4 27369->27368 27370 d6afe0 GetModuleHandleW 27369->27370 27371 d6b00d 27370->27371 27371->27355 27372->27369 27373->27369 27376 d6b054 27374->27376 27375 d6b079 27375->27361 27376->27375 27382 d6a130 27376->27382 27379 d6b054 27378->27379 27380 d6b079 27379->27380 27381 d6a130 LoadLibraryExW 27379->27381 27380->27361 27381->27380 27383 d6b220 LoadLibraryExW 27382->27383 27385 d6b299 27383->27385 27385->27375 27174 cee0b22 27175 cee0b1b 27174->27175 27176 cee0b28 27174->27176 27181 cee24ee 27176->27181 27198 cee2478 27176->27198 27214 cee2488 27176->27214 27177 cee0ee3 27182 cee247c 27181->27182 27184 cee24f1 27181->27184 27183 cee24aa 27182->27183 27230 cee2dee 27182->27230 27235 cee3216 27182->27235 27240 cee28fa 27182->27240 27246 cee2ebc 27182->27246 27251 cee2f62 27182->27251 27255 cee2a64 27182->27255 27260 cee2fa4 27182->27260 27264 cee2f27 27182->27264 27268 cee2dc8 27182->27268 27273 cee304b 27182->27273 27278 cee2b8a 27182->27278 27283 cee2b6d 27182->27283 27288 cee2a8d 27182->27288 27183->27177 27199 cee24a2 27198->27199 27200 cee24aa 27199->27200 27201 cee2dee 2 API calls 27199->27201 27202 cee2a8d 2 API calls 27199->27202 27203 cee2b6d 2 API calls 27199->27203 27204 cee2b8a 2 API calls 27199->27204 27205 cee304b 2 API calls 27199->27205 27206 cee2dc8 2 API calls 27199->27206 27207 cee2f27 2 API calls 27199->27207 27208 cee2fa4 2 API calls 27199->27208 27209 cee2a64 2 API calls 27199->27209 27210 cee2f62 2 API calls 27199->27210 27211 cee2ebc 2 API calls 27199->27211 27212 cee28fa 2 API calls 27199->27212 27213 cee3216 2 API calls 27199->27213 27200->27177 27201->27200 27202->27200 27203->27200 27204->27200 27205->27200 27206->27200 27207->27200 27208->27200 27209->27200 27210->27200 27211->27200 27212->27200 27213->27200 27215 cee24a2 27214->27215 27216 cee2dee 2 API calls 27215->27216 27217 cee2a8d 2 API calls 27215->27217 27218 cee2b6d 2 API calls 27215->27218 27219 cee2b8a 2 API calls 27215->27219 27220 cee304b 2 API calls 27215->27220 27221 cee2dc8 2 API calls 27215->27221 27222 cee2f27 2 API calls 27215->27222 27223 cee2fa4 2 API calls 27215->27223 27224 cee2a64 2 API calls 27215->27224 27225 cee24aa 27215->27225 27226 cee2f62 2 API calls 27215->27226 27227 cee2ebc 2 API calls 27215->27227 27228 cee28fa 2 API calls 27215->27228 27229 cee3216 2 API calls 27215->27229 27216->27225 27217->27225 27218->27225 27219->27225 27220->27225 27221->27225 27222->27225 27223->27225 27224->27225 27225->27177 27226->27225 27227->27225 27228->27225 27229->27225 27231 cee2ae7 27230->27231 27232 cee2fea 27231->27232 27292 cee0458 27231->27292 27296 cee0460 27231->27296 27232->27183 27236 cee321c 27235->27236 27300 cee0218 27236->27300 27304 cee0210 27236->27304 27237 cee32c1 27241 cee28ae 27240->27241 27242 cee2912 27240->27242 27241->27183 27308 cee06dc 27242->27308 27312 cee06e8 27242->27312 27247 cee2ec2 27246->27247 27249 cee0218 ResumeThread 27247->27249 27250 cee0210 ResumeThread 27247->27250 27248 cee32c1 27249->27248 27250->27248 27316 cee0548 27251->27316 27320 cee0550 27251->27320 27252 cee2f84 27256 cee2a87 27255->27256 27257 cee2fea 27256->27257 27258 cee0458 WriteProcessMemory 27256->27258 27259 cee0460 WriteProcessMemory 27256->27259 27257->27183 27258->27256 27259->27256 27324 cee02c8 27260->27324 27328 cee02c1 27260->27328 27261 cee2b09 27261->27183 27266 cee02c8 Wow64SetThreadContext 27264->27266 27267 cee02c1 Wow64SetThreadContext 27264->27267 27265 cee2f43 27266->27265 27267->27265 27269 cee305d 27268->27269 27271 cee0458 WriteProcessMemory 27269->27271 27272 cee0460 WriteProcessMemory 27269->27272 27270 cee3098 27271->27270 27272->27270 27274 cee3074 27273->27274 27276 cee0458 WriteProcessMemory 27274->27276 27277 cee0460 WriteProcessMemory 27274->27277 27275 cee3098 27276->27275 27277->27275 27279 cee2ba3 27278->27279 27281 cee0218 ResumeThread 27279->27281 27282 cee0210 ResumeThread 27279->27282 27280 cee32c1 27281->27280 27282->27280 27284 cee2e43 27283->27284 27332 cee0399 27284->27332 27336 cee03a0 27284->27336 27285 cee2e61 27290 cee0458 WriteProcessMemory 27288->27290 27291 cee0460 WriteProcessMemory 27288->27291 27289 cee29f9 27290->27289 27291->27289 27293 cee04a8 WriteProcessMemory 27292->27293 27295 cee04ff 27293->27295 27295->27231 27297 cee04a8 WriteProcessMemory 27296->27297 27299 cee04ff 27297->27299 27299->27231 27301 cee0258 ResumeThread 27300->27301 27303 cee0289 27301->27303 27303->27237 27305 cee0258 ResumeThread 27304->27305 27307 cee0289 27305->27307 27307->27237 27309 cee0771 CreateProcessA 27308->27309 27311 cee0933 27309->27311 27313 cee0771 CreateProcessA 27312->27313 27315 cee0933 27313->27315 27317 cee059b ReadProcessMemory 27316->27317 27319 cee05df 27317->27319 27319->27252 27321 cee059b ReadProcessMemory 27320->27321 27323 cee05df 27321->27323 27323->27252 27325 cee030d Wow64SetThreadContext 27324->27325 27327 cee0355 27325->27327 27327->27261 27329 cee030d Wow64SetThreadContext 27328->27329 27331 cee0355 27329->27331 27331->27261 27333 cee03e0 VirtualAllocEx 27332->27333 27335 cee041d 27333->27335 27335->27285 27337 cee03e0 VirtualAllocEx 27336->27337 27339 cee041d 27337->27339 27339->27285 27386 cee36c0 27387 cee384b 27386->27387 27389 cee36e6 27386->27389 27389->27387 27390 cee153c 27389->27390 27391 cee3940 PostMessageW 27390->27391 27392 cee39ac 27391->27392 27392->27389 27393 d64668 27394 d6467a 27393->27394 27395 d64686 27394->27395 27397 d64779 27394->27397 27398 d6479d 27397->27398 27402 d64888 27398->27402 27406 d64878 27398->27406 27403 d648af 27402->27403 27404 d6498c 27403->27404 27410 d644b0 27403->27410 27408 d648af 27406->27408 27407 d6498c 27407->27407 27408->27407 27409 d644b0 CreateActCtxA 27408->27409 27409->27407 27411 d65918 CreateActCtxA 27410->27411 27413 d659db 27411->27413

                                          Executed Functions

                                          Function 0CEE2B62 Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2158296675.000000000CEE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CEE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cee0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f309e4508882aefa65a50e9b01aa79366afbbdee250e59bfdbf7da2c4ceb7411
                                          • Instruction ID: e31c1bd06b89f681a7d580d9a0fc7fa98b9d58ee2b7c1e442039a187735dfa17
                                          • Opcode Fuzzy Hash: f309e4508882aefa65a50e9b01aa79366afbbdee250e59bfdbf7da2c4ceb7411
                                          • Instruction Fuzzy Hash: B2A00205CCF048D4D1105C5450418F9C03C330F8E0F503894412F730235C95C084002C
                                          Function 0CEE06DC Relevance: 1.8, APIs: 1, Instructions: 252processCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 0 cee06dc-cee077d 2 cee077f-cee0789 0->2 3 cee07b6-cee07d6 0->3 2->3 4 cee078b-cee078d 2->4 10 cee080f-cee083e 3->10 11 cee07d8-cee07e2 3->11 5 cee078f-cee0799 4->5 6 cee07b0-cee07b3 4->6 8 cee079d-cee07ac 5->8 9 cee079b 5->9 6->3 8->8 12 cee07ae 8->12 9->8 17 cee0877-cee0931 CreateProcessA 10->17 18 cee0840-cee084a 10->18 11->10 13 cee07e4-cee07e6 11->13 12->6 15 cee07e8-cee07f2 13->15 16 cee0809-cee080c 13->16 19 cee07f6-cee0805 15->19 20 cee07f4 15->20 16->10 31 cee093a-cee09c0 17->31 32 cee0933-cee0939 17->32 18->17 21 cee084c-cee084e 18->21 19->19 22 cee0807 19->22 20->19 23 cee0850-cee085a 21->23 24 cee0871-cee0874 21->24 22->16 26 cee085e-cee086d 23->26 27 cee085c 23->27 24->17 26->26 28 cee086f 26->28 27->26 28->24 42 cee09c2-cee09c6 31->42 43 cee09d0-cee09d4 31->43 32->31 42->43 44 cee09c8 42->44 45 cee09d6-cee09da 43->45 46 cee09e4-cee09e8 43->46 44->43 45->46 47 cee09dc 45->47 48 cee09ea-cee09ee 46->48 49 cee09f8-cee09fc 46->49 47->46 48->49 52 cee09f0 48->52 50 cee0a0e-cee0a15 49->50 51 cee09fe-cee0a04 49->51 53 cee0a2c 50->53 54 cee0a17-cee0a26 50->54 51->50 52->49 56 cee0a2d 53->56 54->53 56->56
                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0CEE091E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2158296675.000000000CEE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CEE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cee0000_2024.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: c005dc3f82a55755d7a1fca2ac6d621bfbac74aa97763766425168f9f49b52e2
                                          • Instruction ID: dc72331a45046b9cceee84e75282b99420f84af19f049e34ad0304188fd7b9cb
                                          • Opcode Fuzzy Hash: c005dc3f82a55755d7a1fca2ac6d621bfbac74aa97763766425168f9f49b52e2
                                          • Instruction Fuzzy Hash: 34A18B71E003198FEB10DFA9C8417EEBBB2FF48354F1491A9E848A7240DBB59985DF91
                                          Function 0CEE06E8 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 57 cee06e8-cee077d 59 cee077f-cee0789 57->59 60 cee07b6-cee07d6 57->60 59->60 61 cee078b-cee078d 59->61 67 cee080f-cee083e 60->67 68 cee07d8-cee07e2 60->68 62 cee078f-cee0799 61->62 63 cee07b0-cee07b3 61->63 65 cee079d-cee07ac 62->65 66 cee079b 62->66 63->60 65->65 69 cee07ae 65->69 66->65 74 cee0877-cee0931 CreateProcessA 67->74 75 cee0840-cee084a 67->75 68->67 70 cee07e4-cee07e6 68->70 69->63 72 cee07e8-cee07f2 70->72 73 cee0809-cee080c 70->73 76 cee07f6-cee0805 72->76 77 cee07f4 72->77 73->67 88 cee093a-cee09c0 74->88 89 cee0933-cee0939 74->89 75->74 78 cee084c-cee084e 75->78 76->76 79 cee0807 76->79 77->76 80 cee0850-cee085a 78->80 81 cee0871-cee0874 78->81 79->73 83 cee085e-cee086d 80->83 84 cee085c 80->84 81->74 83->83 85 cee086f 83->85 84->83 85->81 99 cee09c2-cee09c6 88->99 100 cee09d0-cee09d4 88->100 89->88 99->100 101 cee09c8 99->101 102 cee09d6-cee09da 100->102 103 cee09e4-cee09e8 100->103 101->100 102->103 104 cee09dc 102->104 105 cee09ea-cee09ee 103->105 106 cee09f8-cee09fc 103->106 104->103 105->106 109 cee09f0 105->109 107 cee0a0e-cee0a15 106->107 108 cee09fe-cee0a04 106->108 110 cee0a2c 107->110 111 cee0a17-cee0a26 107->111 108->107 109->106 113 cee0a2d 110->113 111->110 113->113
                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0CEE091E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2158296675.000000000CEE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CEE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cee0000_2024.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: 2b0ae7e5761bc8bfb2c00b3be5a0f5b2086f2f807fd3db6aeb6b0cf4d61aca3b
                                          • Instruction ID: a55010a17dee384f2c90defca95dc9b4cc97cea23b6eb2ca5cac02ef06326494
                                          • Opcode Fuzzy Hash: 2b0ae7e5761bc8bfb2c00b3be5a0f5b2086f2f807fd3db6aeb6b0cf4d61aca3b
                                          • Instruction Fuzzy Hash: AD917A71E003198FEB10CFA9C8417EEBBB2FF48314F1491A9E808A7240DBB59985DF91
                                          Function 00D6ADA8 Relevance: 1.7, APIs: 1, Instructions: 197COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 114 d6ada8-d6adb7 115 d6ade3-d6ade7 114->115 116 d6adb9-d6adc6 call d6a0cc 114->116 118 d6adfb-d6ae3c 115->118 119 d6ade9-d6adf3 115->119 122 d6addc 116->122 123 d6adc8 116->123 125 d6ae3e-d6ae46 118->125 126 d6ae49-d6ae57 118->126 119->118 122->115 169 d6adce call d6b040 123->169 170 d6adce call d6b030 123->170 125->126 127 d6ae7b-d6ae7d 126->127 128 d6ae59-d6ae5e 126->128 133 d6ae80-d6ae87 127->133 130 d6ae60-d6ae67 call d6a0d8 128->130 131 d6ae69 128->131 129 d6add4-d6add6 129->122 132 d6af18-d6afd8 129->132 137 d6ae6b-d6ae79 130->137 131->137 164 d6afe0-d6b00b GetModuleHandleW 132->164 165 d6afda-d6afdd 132->165 135 d6ae94-d6ae9b 133->135 136 d6ae89-d6ae91 133->136 140 d6ae9d-d6aea5 135->140 141 d6aea8-d6aeaa call d6a0e8 135->141 136->135 137->133 140->141 143 d6aeaf-d6aeb1 141->143 145 d6aeb3-d6aebb 143->145 146 d6aebe-d6aec3 143->146 145->146 147 d6aec5-d6aecc 146->147 148 d6aee1-d6aeee 146->148 147->148 150 d6aece-d6aede call d6a0f8 call d6a108 147->150 155 d6aef0-d6af0e 148->155 156 d6af11-d6af17 148->156 150->148 155->156 166 d6b014-d6b028 164->166 167 d6b00d-d6b013 164->167 165->164 167->166 169->129 170->129
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 00D6AFFE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2149013096.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_d60000_2024.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: 7071365668d8efc58c2c23811f8c3e893dc3038085be4c78f91a204151423be6
                                          • Instruction ID: bb4875cb991c1fcce37a7616d5eb2bef9fa5293809e85a1cfe4cc5c1daf6d8a0
                                          • Opcode Fuzzy Hash: 7071365668d8efc58c2c23811f8c3e893dc3038085be4c78f91a204151423be6
                                          • Instruction Fuzzy Hash: 5D711370A00B058FDB24DF29C45579ABBF1FF88300F048A29E48AE7A51D775E949CFA1
                                          Function 00D644B0 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 171 d644b0-d659d9 CreateActCtxA 174 d659e2-d65a3c 171->174 175 d659db-d659e1 171->175 182 d65a3e-d65a41 174->182 183 d65a4b-d65a4f 174->183 175->174 182->183 184 d65a60 183->184 185 d65a51-d65a5d 183->185 187 d65a61 184->187 185->184 187->187
                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 00D659C9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2149013096.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_d60000_2024.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: c6f500761a27f61feb579adb09117e7d0ce348f8a76cfaa57560f3455f2a43a2
                                          • Instruction ID: e193a767b27675c3f8016cbc6508912e75bb694cff1d30846e2d989d0b8ae84b
                                          • Opcode Fuzzy Hash: c6f500761a27f61feb579adb09117e7d0ce348f8a76cfaa57560f3455f2a43a2
                                          • Instruction Fuzzy Hash: F041D170C0071DCBDB24CFA9C885BDEBBB5BF48704F2081AAD448AB255DB756985CFA0
                                          Function 00D6590D Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 188 d6590d-d65912 189 d6591c-d659d9 CreateActCtxA 188->189 191 d659e2-d65a3c 189->191 192 d659db-d659e1 189->192 199 d65a3e-d65a41 191->199 200 d65a4b-d65a4f 191->200 192->191 199->200 201 d65a60 200->201 202 d65a51-d65a5d 200->202 204 d65a61 201->204 202->201 204->204
                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 00D659C9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2149013096.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_d60000_2024.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: 45e569777dc8c6b9c4ed386f936c831dff87129ff5ba5eac88af9728072c77ec
                                          • Instruction ID: 8def35d0eeb5a45a367b6a70efd9c52e2c37b6a4f1ce99ce78be79e4ec0c9db5
                                          • Opcode Fuzzy Hash: 45e569777dc8c6b9c4ed386f936c831dff87129ff5ba5eac88af9728072c77ec
                                          • Instruction Fuzzy Hash: 2041DF70C00719CFDB24DFA9C885BDDBBB5BF88304F24819AD408AB255DBB56985CF90
                                          Function 00D6D751 Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 205 d6d751-d6d758 206 d6d714-d6d724 DuplicateHandle 205->206 207 d6d75a-d6d87e 205->207 208 d6d726-d6d72c 206->208 209 d6d72d-d6d74a 206->209 208->209
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00D6D656,?,?,?,?,?), ref: 00D6D717
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2149013096.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_d60000_2024.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 6b96fafadc2d13b09f8ed4d128c8eff622710ef05fefb79b50c48fc84e67c526
                                          • Instruction ID: 2b9dbe4105045d6d0bb8c164746635763945efb15ceee2f34faf958fc773640e
                                          • Opcode Fuzzy Hash: 6b96fafadc2d13b09f8ed4d128c8eff622710ef05fefb79b50c48fc84e67c526
                                          • Instruction Fuzzy Hash: 7D31A734E413408FE704DF60E4647693BA9F7C5710F52952AD9518B7D8DBB44CA5CF20
                                          Function 0CEE0458 Relevance: 1.6, APIs: 1, Instructions: 73injectionCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 223 cee0458-cee04ae 225 cee04be-cee04fd WriteProcessMemory 223->225 226 cee04b0-cee04bc 223->226 228 cee04ff-cee0505 225->228 229 cee0506-cee0536 225->229 226->225 228->229
                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0CEE04F0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2158296675.000000000CEE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CEE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cee0000_2024.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: 1220205e8aeccac7d866211f46a25dc861ea611d901d8ff81c7b780055edd868
                                          • Instruction ID: f851303eb6c7c9bd9bc133440f7fc0b3ba26dadebc01052a0b7554af00974242
                                          • Opcode Fuzzy Hash: 1220205e8aeccac7d866211f46a25dc861ea611d901d8ff81c7b780055edd868
                                          • Instruction Fuzzy Hash: 5821357190035A9FDB10DFA9C881BEEBBF0FF48310F10842AE919A7250C7789955DBA4
                                          Function 0CEE0460 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 233 cee0460-cee04ae 235 cee04be-cee04fd WriteProcessMemory 233->235 236 cee04b0-cee04bc 233->236 238 cee04ff-cee0505 235->238 239 cee0506-cee0536 235->239 236->235 238->239
                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0CEE04F0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2158296675.000000000CEE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CEE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cee0000_2024.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: e1d49f5824b6a644e00581ff34322deda127ae4e6bcfdc57bbd42f0f30a52528
                                          • Instruction ID: 0cab4c8708293ca25d90fad4f6593973572f7c32bab00bc6a09982b635e720fd
                                          • Opcode Fuzzy Hash: e1d49f5824b6a644e00581ff34322deda127ae4e6bcfdc57bbd42f0f30a52528
                                          • Instruction Fuzzy Hash: 6F2136719003599FDB10CFAAC885BDEBBF5FF88310F10842AE919A7240C7789954DBA4
                                          Function 0CEE02C1 Relevance: 1.6, APIs: 1, Instructions: 68threadCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 243 cee02c1-cee0313 245 cee0315-cee0321 243->245 246 cee0323-cee0353 Wow64SetThreadContext 243->246 245->246 248 cee035c-cee038c 246->248 249 cee0355-cee035b 246->249 249->248
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0CEE0346
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2158296675.000000000CEE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CEE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cee0000_2024.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: 05bc07c43298dc03da50e1ef0bd080c4080a2bebb1e7e571d323f66f71b873b7
                                          • Instruction ID: ee694c45bfc06c89ef4c9356da9edf9d87e4270622a4450c631b456e515e6a61
                                          • Opcode Fuzzy Hash: 05bc07c43298dc03da50e1ef0bd080c4080a2bebb1e7e571d323f66f71b873b7
                                          • Instruction Fuzzy Hash: 82214971D003099FEB10DFAAC4857EEBBF4EF88364F24842AD559A7241CB789945CFA4
                                          Function 0CEE0548 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 253 cee0548-cee05dd ReadProcessMemory 256 cee05df-cee05e5 253->256 257 cee05e6-cee0616 253->257 256->257
                                          APIs
                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0CEE05D0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2158296675.000000000CEE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CEE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cee0000_2024.jbxd
                                          Similarity
                                          • API ID: MemoryProcessRead
                                          • String ID:
                                          • API String ID: 1726664587-0
                                          • Opcode ID: a8c4efd49caebe61315f7304c4e21a54888d3f1edafca27382a527b602662d93
                                          • Instruction ID: 44bf839a25259918f828329a5a4936f563618123c5ae44334c53ac9f55171a89
                                          • Opcode Fuzzy Hash: a8c4efd49caebe61315f7304c4e21a54888d3f1edafca27382a527b602662d93
                                          • Instruction Fuzzy Hash: F9214871C003599FDB10DFA9C881BEEBBF4FF48310F14842AE559A7251C7789915DBA0
                                          Function 00D6D27C Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 261 d6d27c-d6d724 DuplicateHandle 263 d6d726-d6d72c 261->263 264 d6d72d-d6d74a 261->264 263->264
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00D6D656,?,?,?,?,?), ref: 00D6D717
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2149013096.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_d60000_2024.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 59af863ebde016856563f23f44a61c12626922dd35a6f671287281e05d09e307
                                          • Instruction ID: 8a02b9687f4120507caee1e4929ce311b6844f243c51ee0978b470cb5f763d53
                                          • Opcode Fuzzy Hash: 59af863ebde016856563f23f44a61c12626922dd35a6f671287281e05d09e307
                                          • Instruction Fuzzy Hash: 9421E3B5D00259DFDB10CF9AD884AEEBBF9EB48310F14801AE959A7310D374A950CFA5
                                          Function 0CEE0550 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 277 cee0550-cee05dd ReadProcessMemory 280 cee05df-cee05e5 277->280 281 cee05e6-cee0616 277->281 280->281
                                          APIs
                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0CEE05D0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2158296675.000000000CEE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CEE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cee0000_2024.jbxd
                                          Similarity
                                          • API ID: MemoryProcessRead
                                          • String ID:
                                          • API String ID: 1726664587-0
                                          • Opcode ID: 4d7d05d5558320c5863f05e35f87e186ef90aa298b947a9217d0df93e61e05ac
                                          • Instruction ID: 11448afe3db93f5fe1dda34983bcb1f91f6b62a209bd45a26d765a31a93b2faf
                                          • Opcode Fuzzy Hash: 4d7d05d5558320c5863f05e35f87e186ef90aa298b947a9217d0df93e61e05ac
                                          • Instruction Fuzzy Hash: 69212571C003599FDB10DFAAC881BEEBBF5FF48320F10842AE559A7250C7789954DBA4
                                          Function 0CEE02C8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 267 cee02c8-cee0313 269 cee0315-cee0321 267->269 270 cee0323-cee0353 Wow64SetThreadContext 267->270 269->270 272 cee035c-cee038c 270->272 273 cee0355-cee035b 270->273 273->272
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0CEE0346
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2158296675.000000000CEE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CEE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cee0000_2024.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: e5e1db627dde25990c6326be81a3c52243410125955df4e5bdbf3ce603e49bb2
                                          • Instruction ID: 816da7f3edf6a06f0f33ec1733408686b3084a96a638375ad5585633451e3e6a
                                          • Opcode Fuzzy Hash: e5e1db627dde25990c6326be81a3c52243410125955df4e5bdbf3ce603e49bb2
                                          • Instruction Fuzzy Hash: 7F212971D003098FDB10DFAAC4857EEBBF4EF88364F248429D559A7241C7789944CFA4
                                          Function 00D6D689 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 285 d6d689-d6d724 DuplicateHandle 286 d6d726-d6d72c 285->286 287 d6d72d-d6d74a 285->287 286->287
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00D6D656,?,?,?,?,?), ref: 00D6D717
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2149013096.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_d60000_2024.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 59a4c8cfcf34222dbfd1249e38fee5ac5c62696e9275d2f40b0e998449fc1dde
                                          • Instruction ID: 152e99b1825ccd7a8c47e068b44e591de1cc5f814ee7e3e574816dd055bf620a
                                          • Opcode Fuzzy Hash: 59a4c8cfcf34222dbfd1249e38fee5ac5c62696e9275d2f40b0e998449fc1dde
                                          • Instruction Fuzzy Hash: F621E3B5900259DFDB10CF99D984ADEBBF5FB48314F14801AE915B7310C374A954CFA5
                                          Function 0CEE0399 Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 290 cee0399-cee041b VirtualAllocEx 293 cee041d-cee0423 290->293 294 cee0424-cee0449 290->294 293->294
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0CEE040E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2158296675.000000000CEE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CEE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cee0000_2024.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: 2c1405ace09014c2116f2010c6bf40e5554608a644fa8f4e0a40a58466c32e93
                                          • Instruction ID: 7c5615ba1620ad657dd861f482415012c530c81d04b27b44ecf1510a103a9f50
                                          • Opcode Fuzzy Hash: 2c1405ace09014c2116f2010c6bf40e5554608a644fa8f4e0a40a58466c32e93
                                          • Instruction Fuzzy Hash: 3E1186719002499FEB10DFAAC845BDFBBF5EF88324F248829E519A7250CB759940DBA0
                                          Function 0CEE0210 Relevance: 1.6, APIs: 1, Instructions: 55threadCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2158296675.000000000CEE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CEE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cee0000_2024.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: 2145e6d185a124adee360bbeb4bcb3f1f8523dd89de86a34764d30ac6575ad91
                                          • Instruction ID: ac81a9fd3b36bc3981688bc793f0f605cb9d2078d9a01c29be3de66fec1b3bcf
                                          • Opcode Fuzzy Hash: 2145e6d185a124adee360bbeb4bcb3f1f8523dd89de86a34764d30ac6575ad91
                                          • Instruction Fuzzy Hash: 87114971D003498FEB10DFAAC4457EEBBF5EB88724F24842AC519A7250CB759541CB94
                                          Function 00D6A130 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00D6B079,00000800,00000000,00000000), ref: 00D6B28A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2149013096.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_d60000_2024.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: 300ef77f839e566f4741add29833073b54b86f63177ce99b50187ae3555fb3d3
                                          • Instruction ID: a9511bfb8040c20a25edf59e2258c7d5f8a11b6dbbb99bc8a40d4b8d81793112
                                          • Opcode Fuzzy Hash: 300ef77f839e566f4741add29833073b54b86f63177ce99b50187ae3555fb3d3
                                          • Instruction Fuzzy Hash: 431126B68003099FDB10CF9AD444BDEFBF4EB48720F14842AD519B7210C375A944CFA9
                                          Function 0CEE03A0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0CEE040E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2158296675.000000000CEE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CEE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cee0000_2024.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: b215ac5bc02701ba164967c9d6f4703cec902e1a9874f7d3559e4fb6acc7efc9
                                          • Instruction ID: 7403280fc23525d931be547da2f8e00bde7047766d2e99317294c320950bd8b5
                                          • Opcode Fuzzy Hash: b215ac5bc02701ba164967c9d6f4703cec902e1a9874f7d3559e4fb6acc7efc9
                                          • Instruction Fuzzy Hash: 3B1164729002499FDB10DFAAC845BDFBBF5EF88324F248819E519A7250C775A950CFA0
                                          Function 00D6B218 Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00D6B079,00000800,00000000,00000000), ref: 00D6B28A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2149013096.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_d60000_2024.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: bde00ef8aa725a7da1066bf3103f8ae10668a5fbf7c8a34b9c5b38b10b46210b
                                          • Instruction ID: a24dd80d035cf99cd6c7004cb361c7979c6da3619cc9d936b4afa647b1c5e5ad
                                          • Opcode Fuzzy Hash: bde00ef8aa725a7da1066bf3103f8ae10668a5fbf7c8a34b9c5b38b10b46210b
                                          • Instruction Fuzzy Hash: D711E2B6800219DFDB14DF9AC584BDEFBF4FB88720F14842AD519A7610C375A945CFA4
                                          Function 0CEE3938 Relevance: 1.5, APIs: 1, Instructions: 49windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0CEE399D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2158296675.000000000CEE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CEE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cee0000_2024.jbxd
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID:
                                          • API String ID: 410705778-0
                                          • Opcode ID: 696192ff0003be5105d37fa40022ee63b4cd39ff4a43511f693dd0fff037f292
                                          • Instruction ID: 513b51da629a044cd2a4bfacd057c3495154fa19024d83a16d7e93b208c17667
                                          • Opcode Fuzzy Hash: 696192ff0003be5105d37fa40022ee63b4cd39ff4a43511f693dd0fff037f292
                                          • Instruction Fuzzy Hash: 971122B58003499FDB10DF9AC885BDEFBF8EB48320F20941AD558A7250C375A944CFA0
                                          Function 0CEE0218 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2158296675.000000000CEE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CEE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cee0000_2024.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: ed0eaf595d6b3141e7a28e14d2e38fe214c59be4bad5d718203ca811ea43cee3
                                          • Instruction ID: 993f9ff89eb293d74256750498827d7a969649567a78bcd0552fb7c216da6398
                                          • Opcode Fuzzy Hash: ed0eaf595d6b3141e7a28e14d2e38fe214c59be4bad5d718203ca811ea43cee3
                                          • Instruction Fuzzy Hash: EC11F571D003498FEB10DFAAC8457DEFBF5EB88724F248419D519A7250CB79A944CBA4
                                          Function 0CEE153C Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0CEE399D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2158296675.000000000CEE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CEE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cee0000_2024.jbxd
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID:
                                          • API String ID: 410705778-0
                                          • Opcode ID: 77bc9c6d7214b0e8da9f282c540332ba7560162c9a965c6aed11d0703dfb9ee8
                                          • Instruction ID: 093ef7236cab39604294d6f525341746bb13daca56636df6208769c16084d4b3
                                          • Opcode Fuzzy Hash: 77bc9c6d7214b0e8da9f282c540332ba7560162c9a965c6aed11d0703dfb9ee8
                                          • Instruction Fuzzy Hash: FE1133B5800349DFDB10CF8AC889BDEFBF8EB48320F208459E959A7210C375A944CFA5
                                          Function 00D6AF98 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 00D6AFFE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2149013096.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_d60000_2024.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: d2bd7e61f9bc2d1fb4d246dd275498113ab9393e3f9c7df118b67e7153a9f636
                                          • Instruction ID: 6b92bd50221672b7ac010338cbdbbfa5ccb10ec8ecf3343bbc0495e85f22d1ea
                                          • Opcode Fuzzy Hash: d2bd7e61f9bc2d1fb4d246dd275498113ab9393e3f9c7df118b67e7153a9f636
                                          • Instruction Fuzzy Hash: 2C11DFB5C006498FDB10CF9AC444BDEFBF4AB88724F14841AD569A7210D379A945CFA5
                                          Function 05C3ED08 Relevance: .2, Instructions: 185COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a497265aee7ffd2dfc855eccdc2df56248cbf71bce14e9bc84de54c9380288c3
                                          • Instruction ID: 6034188754fe45e87f3ea66625ec263fd43d230b9b8fb9c9e9f956268c716a37
                                          • Opcode Fuzzy Hash: a497265aee7ffd2dfc855eccdc2df56248cbf71bce14e9bc84de54c9380288c3
                                          • Instruction Fuzzy Hash: 1C51C031F0031DCBCF25DFB899556AEBBB6AB89200F140969C506A7391DB359E06CB91
                                          Function 00A7D68C Relevance: .1, Instructions: 77COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2148613415.0000000000A7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A7D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_a7d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 425bc04cf3ba35358ec3792c09915018bd1fcce406593f7d8331e712918dbdb1
                                          • Instruction ID: ed27156ae13dba76b5727942217f413c2d533628b11fa8922aaf3dc78f5167e6
                                          • Opcode Fuzzy Hash: 425bc04cf3ba35358ec3792c09915018bd1fcce406593f7d8331e712918dbdb1
                                          • Instruction Fuzzy Hash: 1821F172500244EFDB099F10DDC4B16BBB6FF88318F24C669E90D0B256C33AD856DBA1
                                          Function 00A7D1FC Relevance: .1, Instructions: 76COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2148613415.0000000000A7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A7D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_a7d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 93219d619320761ed624686604acc6e99facb31fcd12351b2cf6cf6803413a20
                                          • Instruction ID: 020fadf245b4dfdfd6ef7c476d7c1676a9a6595872ba6fa5d53d9ad7c8773822
                                          • Opcode Fuzzy Hash: 93219d619320761ed624686604acc6e99facb31fcd12351b2cf6cf6803413a20
                                          • Instruction Fuzzy Hash: 7D21ED72604200EFDB059F14D980B6ABB76FF88314F24C6A9E9090A257C336D857CBA1
                                          Function 05C3CE00 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 396869ad563723d6b3f7ed58a3ba5a5ac94af91904194fa09dd5ce16eb145aed
                                          • Instruction ID: 715e748b09f412cb04eca3530270b70c6d50fe6640d1cd4b81694010d8206dfd
                                          • Opcode Fuzzy Hash: 396869ad563723d6b3f7ed58a3ba5a5ac94af91904194fa09dd5ce16eb145aed
                                          • Instruction Fuzzy Hash: 92314F70A0511ACFDB40DF69D845BADB7BAEF88300F00AA56E519B7354DB309D86CF54
                                          Function 00A7D3D8 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2148613415.0000000000A7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A7D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_a7d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6d48e885c694fa3bfbf3df58d406058a7281b751daedd807fd97922871b43739
                                          • Instruction ID: f60a087bbe4e73b6c8297e0e0a4e2cb68bb9f8e1e69b03e20716d906922803f6
                                          • Opcode Fuzzy Hash: 6d48e885c694fa3bfbf3df58d406058a7281b751daedd807fd97922871b43739
                                          • Instruction Fuzzy Hash: C0210372500204EFDB04DF14D9C0B16BB75FF98324F20C56DE90D4B256C336E856CAA2
                                          Function 05C3FD80 Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 34bcb9a545e0f5608efb44bad9538a18fdbc0a3b226dccfb346540939a5cf2b9
                                          • Instruction ID: 2af829eaeb8626d07905882beda43c99f4d65eb8e61ce58cdec1353deb5d45f6
                                          • Opcode Fuzzy Hash: 34bcb9a545e0f5608efb44bad9538a18fdbc0a3b226dccfb346540939a5cf2b9
                                          • Instruction Fuzzy Hash: C231D474E042199FCB04DF99D499ADDBBB2FF48310F10942AE905A7360DB34AA44CF90
                                          Function 00A8D01C Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2148699768.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_a8d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5a4253a42b4a2a681ef10a84dad76e494de063e69076e1c9e150837f96f2c706
                                          • Instruction ID: 3ae7450f6138c2e58f5d0116ef6463361a7f6538cdcc7f7504fc7b463146b687
                                          • Opcode Fuzzy Hash: 5a4253a42b4a2a681ef10a84dad76e494de063e69076e1c9e150837f96f2c706
                                          • Instruction Fuzzy Hash: 8B21F271604204EFDB14EF14D984B16BB75FB84314F20C56DD90A4B2D6C33AD847CB61
                                          Function 00A8D1D4 Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2148699768.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_a8d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2ee491f542f4dd904a82d696fe10a75e22ffe93d9f2f1b3c73b1cb45fd1fd394
                                          • Instruction ID: d0616caeea9883a35c50330eb699ae572fdc7114927d921e2015180d7ff68d34
                                          • Opcode Fuzzy Hash: 2ee491f542f4dd904a82d696fe10a75e22ffe93d9f2f1b3c73b1cb45fd1fd394
                                          • Instruction Fuzzy Hash: 29210471504204EFDB05EF14D9C0F66BBA5FB84314F20CA6DE9094B2D2D336D846CB61
                                          Function 00A8D006 Relevance: .1, Instructions: 63COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2148699768.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_a8d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 61e32cc5b3884a62da36abddf45e12911e3d484356f5c5eedd88faa4556c909e
                                          • Instruction ID: 5988f6e840d346d4f8da98fef13a7db31aaf75b2ab4e1e7a037d63092226f27d
                                          • Opcode Fuzzy Hash: 61e32cc5b3884a62da36abddf45e12911e3d484356f5c5eedd88faa4556c909e
                                          • Instruction Fuzzy Hash: B42192755083849FCB02DF14D994711BF71EB46314F28C5DAD8498F2A7C33A9806CB62
                                          Function 05C3E300 Relevance: .1, Instructions: 61COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 332503d79c4ca990a698f68cd145c1439b61afee38108a943c102f62f374e5ce
                                          • Instruction ID: 06c2318bf14434f0afa1341508d437aadbe92bde21bfa5bbed6476f65a443ade
                                          • Opcode Fuzzy Hash: 332503d79c4ca990a698f68cd145c1439b61afee38108a943c102f62f374e5ce
                                          • Instruction Fuzzy Hash: E511A730B0120C9BDBA49B7AD811BBE76ABBB84710F049929E51AD7341EB309A4087D1
                                          Function 00A7D687 Relevance: .1, Instructions: 58COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2148613415.0000000000A7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A7D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_a7d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 448c806a5054ba187e4508f7a226a03bb761a6c68aed6e9adf4fb178f3854da0
                                          • Instruction ID: fd53868566e701e361fd794f62670d7997532280d936563241dd9d2b80a7c96e
                                          • Opcode Fuzzy Hash: 448c806a5054ba187e4508f7a226a03bb761a6c68aed6e9adf4fb178f3854da0
                                          • Instruction Fuzzy Hash: D2219D76504284DFCB0ACF10D9C4B16BF72FF88314F24C6A9D9490B256C33AD826CB91
                                          Function 00A7D1F7 Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2148613415.0000000000A7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A7D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_a7d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 97b80ae79017b4ed6bea6dd9b7a80ca74a39b088e4df1c4c2e3fdfc2e958b63e
                                          • Instruction ID: 8a0ed0a5b7013b90b830fd2f33476f4435a93d02f2b1de38e0653b445931b8db
                                          • Opcode Fuzzy Hash: 97b80ae79017b4ed6bea6dd9b7a80ca74a39b088e4df1c4c2e3fdfc2e958b63e
                                          • Instruction Fuzzy Hash: 60218C76504244DFCB06CF50D9C4B56BF72FB84314F24C5A9DC090A656C33AD826CBA1
                                          Function 00A7D3D3 Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2148613415.0000000000A7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A7D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_a7d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
                                          • Instruction ID: a4371b8acde831917f71804001eabb743de56ebce958b661b476ce836b6a062a
                                          • Opcode Fuzzy Hash: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
                                          • Instruction Fuzzy Hash: 4B11D376504240DFCB15CF10D9C4B16BF71FF94324F24C6A9D8090B656C33AE856CBA1
                                          Function 00A8D1CF Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2148699768.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_a8d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                          • Instruction ID: f016f7bc7ef076b2bb8daee8a8950a8cdec52a6a249cb7a66f16e6c419aaf70c
                                          • Opcode Fuzzy Hash: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                          • Instruction Fuzzy Hash: 8511DD75504284DFCB01DF10C5C0B55FBB1FB84314F24C6ADD8494B296C33AD81ACB61
                                          Function 00A7D7C5 Relevance: .0, Instructions: 45COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2148613415.0000000000A7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A7D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_a7d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f8ce71befbc72404de34d356620c274082c64a174528d874c85ab56add3c6353
                                          • Instruction ID: 05673524bc549f1de0fa150149e010c511eb7f883541512451268a8f2e96928c
                                          • Opcode Fuzzy Hash: f8ce71befbc72404de34d356620c274082c64a174528d874c85ab56add3c6353
                                          • Instruction Fuzzy Hash: 5001A231404344DAE7208B29CD84B67BFBCEF51324F28C56EED0D5E282C279D845C6B2
                                          Function 00A7D7C4 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2148613415.0000000000A7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A7D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_a7d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fd1308b228733d25f0611a4a4bcac8a887e6b97e95e1ef476cb34abb85dad244
                                          • Instruction ID: 6fc81e71f93938881879b12e5a7edfdf5267bf1f6dcb19ce7fad64681de9a3d5
                                          • Opcode Fuzzy Hash: fd1308b228733d25f0611a4a4bcac8a887e6b97e95e1ef476cb34abb85dad244
                                          • Instruction Fuzzy Hash: 8AF04971405244AAE7108B1ADD84B66FFA8EF91724F28C55AED0C5A286C279A844CAB2

                                          Non-executed Functions

                                          Function 05C3F510 Relevance: 1.6, Strings: 1, Instructions: 312COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: O<a
                                          • API String ID: 0-14493157
                                          • Opcode ID: 063b041a1b7f6d54b410d0a432b4d98231760c548dd1beacbd90cc7163d3ac1e
                                          • Instruction ID: 0ad0ff31f55419e6ef22cfdb83b08d06e9b6799230e816f1ff6554783f6dd48d
                                          • Opcode Fuzzy Hash: 063b041a1b7f6d54b410d0a432b4d98231760c548dd1beacbd90cc7163d3ac1e
                                          • Instruction Fuzzy Hash: B8E14B74E002199FDB14DFA9C5819AEFBF2FF89304F248569D409AB356D734A942CFA0
                                          Function 05C32548 Relevance: 1.5, Strings: 1, Instructions: 280COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: !Y3E
                                          • API String ID: 0-2826621527
                                          • Opcode ID: 3e257f7e65c705274f6c27ec05c6ee6863d23d9069de62e7edf23a93b3e1fdd6
                                          • Instruction ID: 8be5179957c29b6cf0b5b3380ec48927babf424ba32e36eeff3d05c4572526a2
                                          • Opcode Fuzzy Hash: 3e257f7e65c705274f6c27ec05c6ee6863d23d9069de62e7edf23a93b3e1fdd6
                                          • Instruction Fuzzy Hash: 8AA19E38B002088FDB18DB69D955B6E7AF3BF88710F258429E906EB3A4DE74DD418B45
                                          Function 05C34CAB Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ~H@
                                          • API String ID: 0-3968150030
                                          • Opcode ID: a8b245ab9e0f5ed4461b870752f6160a4069d17dd13fe98700d323fd107fcc2c
                                          • Instruction ID: f48f7156d17cad9eb6a2b9470800bda9e7ad952772881ce772a16d788a64441b
                                          • Opcode Fuzzy Hash: a8b245ab9e0f5ed4461b870752f6160a4069d17dd13fe98700d323fd107fcc2c
                                          • Instruction Fuzzy Hash: CAA19074B182188FCB18CF6AD99697EFBF3EBC5300B14896AD0569B264C735ED41CB80
                                          Function 05C36F88 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: T(z
                                          • API String ID: 0-3184255237
                                          • Opcode ID: f9f5f129220c94ce8c09de1ce32dca5374b0ab4518a2e9aa1c020e8dd7ab8c69
                                          • Instruction ID: 7d9d5f8a99a97561453799131335b5452f0d2ad1b9b2e63b613568685dde44d6
                                          • Opcode Fuzzy Hash: f9f5f129220c94ce8c09de1ce32dca5374b0ab4518a2e9aa1c020e8dd7ab8c69
                                          • Instruction Fuzzy Hash: 69410635F042099BDB58DAB689527BFF6B7EBCC740F10C82AD502AB284DA31CD419BD1
                                          Function 05C36F80 Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: T(z
                                          • API String ID: 0-3184255237
                                          • Opcode ID: f73b90372e109e863f34925dcc857cd7f16db280e0f6ef4c89b19c738621f264
                                          • Instruction ID: e9f3c8a25c36132d6047831dbccc36bcd80cfe1ae4bebe82f4b6c52723989c38
                                          • Opcode Fuzzy Hash: f73b90372e109e863f34925dcc857cd7f16db280e0f6ef4c89b19c738621f264
                                          • Instruction Fuzzy Hash: AF411B35F041099BDB54CAB589527BFF6B7EBCC740F10C82AD502AB294DA30CE419B91
                                          Function 05C309E8 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ax^
                                          • API String ID: 0-994873808
                                          • Opcode ID: d8a9114d0d9294823d123ba9b2cf6d2e51859a5d9ca29e4f1e9192332b3d6458
                                          • Instruction ID: f8988f5d22f625a62d5d8e83db98f33a4803b806c62b6668666493f98fafb9fb
                                          • Opcode Fuzzy Hash: d8a9114d0d9294823d123ba9b2cf6d2e51859a5d9ca29e4f1e9192332b3d6458
                                          • Instruction Fuzzy Hash: 2B419372F1525ECFCB44CF99D98A5AEFBF6BB88200B158566D505F7352C234CD018B91
                                          Function 05C309F8 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ax^
                                          • API String ID: 0-994873808
                                          • Opcode ID: e3f7464d9e880bb832ec166e166cf6a99938cec8ccf462f6dc3b9b080d1eb923
                                          • Instruction ID: f81e2c8f30c8b3f06a6a69f385225d617e496f4a5abf53cffd660613f41a2855
                                          • Opcode Fuzzy Hash: e3f7464d9e880bb832ec166e166cf6a99938cec8ccf462f6dc3b9b080d1eb923
                                          • Instruction Fuzzy Hash: 58419332F1525E8FCB44CF9AD88A5AEF7F6FB88204B158526D50AFB352C274DD018B91
                                          Function 0CEE4B70 Relevance: .3, Instructions: 335COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2158296675.000000000CEE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CEE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_cee0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aad566c4e3c129aa6110eff2daefe02cb5197dc0f14fbb0b11991060fb7464a3
                                          • Instruction ID: e0ed0ec519f92bab990f335db7a3a3e7c4fe37f399ac9539074062f605377720
                                          • Opcode Fuzzy Hash: aad566c4e3c129aa6110eff2daefe02cb5197dc0f14fbb0b11991060fb7464a3
                                          • Instruction Fuzzy Hash: 99C1CE317016048FD719DBBAC410BAEB7FAAF89784F24946DD1469B2E1CF35E802CB61
                                          Function 05C3F948 Relevance: .3, Instructions: 312COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0bdda16dd0e29d67f8e37eeea0851829425e211dd5dcb2c93be286f2ef08ef9e
                                          • Instruction ID: 6d801ff70e54ceb0f6d2742cada3473f6220eb5ed302a12c5bf58f86982d8d0f
                                          • Opcode Fuzzy Hash: 0bdda16dd0e29d67f8e37eeea0851829425e211dd5dcb2c93be286f2ef08ef9e
                                          • Instruction Fuzzy Hash: B5E12B74E002199FDB14DFA9C5819AEFBF2FF88304F248569D419AB356D734A942CFA0
                                          Function 05C32538 Relevance: .3, Instructions: 278COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6fdd0042d39dfd6ac0af6f1fa58e40e7bd6ddc28beb15e1907db05b77285a4d9
                                          • Instruction ID: f0e373278bee4c95f4a4d29533954ce5bdcf8b2d8f3b6f9418ddcbf3ca59d1fd
                                          • Opcode Fuzzy Hash: 6fdd0042d39dfd6ac0af6f1fa58e40e7bd6ddc28beb15e1907db05b77285a4d9
                                          • Instruction Fuzzy Hash: 4AA19D38B002088FDB14DB69D956B6E7BF3BF88710F258429E906EB3A5DE74DD418B41
                                          Function 05C36168 Relevance: .3, Instructions: 269COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ba5b31252ea5cc579a0ed993e63bfb94f5348af93ef21aaa0f90c4751696086d
                                          • Instruction ID: cbf0d792b72157d817c80aa4d6cdf5184e5382ddcafea912c4905db9d02bb0be
                                          • Opcode Fuzzy Hash: ba5b31252ea5cc579a0ed993e63bfb94f5348af93ef21aaa0f90c4751696086d
                                          • Instruction Fuzzy Hash: 74D10431D2065A8ADB00EBA4D9916DDB7B1FF95300F50D79AE14A37214EF70AAC5CB81
                                          Function 05C36178 Relevance: .3, Instructions: 264COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7781f416418f4819517a2d6856f60d4e48d50c800ab0c265676c96df39dc8251
                                          • Instruction ID: 6bf77cc9c5c5339ea401ddb99ddc5e79bd4c15f742dd7512429e64208c1f1a10
                                          • Opcode Fuzzy Hash: 7781f416418f4819517a2d6856f60d4e48d50c800ab0c265676c96df39dc8251
                                          • Instruction Fuzzy Hash: CCD10331D2065A8ADB00EBA4D9916DDF7B1FF95300F50D79AE14A37214EF70AAC5CB81
                                          Function 00D6D5BC Relevance: .3, Instructions: 264COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2149013096.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fd7bc8aff6dab4e34a6344d34802cc36aedc218440bc0ef57dbfad1b574a33a6
                                          • Instruction ID: 20724c593bd789a89359c559bb9f1f2370db6a94a30bdef8899cf47dfef87c42
                                          • Opcode Fuzzy Hash: fd7bc8aff6dab4e34a6344d34802cc36aedc218440bc0ef57dbfad1b574a33a6
                                          • Instruction Fuzzy Hash: 3DA16D32E00609CFCF05DFB4D84059EB7B2FF85300B1585BAE805AB265DB75E955CBA0
                                          Function 05C32E7B Relevance: .3, Instructions: 257COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5cba966e832a1f7d99b8f49686c64c5ac318eeda419df8616bb2094e305522f1
                                          • Instruction ID: 5d6f3367e6ca5c09d75264b4e2cbb33afa1c4c9c4e3214178146c28957d5a4a9
                                          • Opcode Fuzzy Hash: 5cba966e832a1f7d99b8f49686c64c5ac318eeda419df8616bb2094e305522f1
                                          • Instruction Fuzzy Hash: 66A1C230A046588BCB14CB69C992A7EFBF3AFC5704B148D6AE056DB395C634ED45CB90
                                          Function 05C326DB Relevance: .2, Instructions: 159COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d1475937ae306d4e83bfdece6b1b16e88958042e0ed4d11db3e2f04e392f0204
                                          • Instruction ID: 8b633fb2c100ebfd5c7faf6a4d59dbf87d3f52f90b632788c109fd3eb8b393c3
                                          • Opcode Fuzzy Hash: d1475937ae306d4e83bfdece6b1b16e88958042e0ed4d11db3e2f04e392f0204
                                          • Instruction Fuzzy Hash: 6F51AE38B002089FDB189F75D956B6EBBB3BB89710F248429E906EB390DA758D418B45
                                          Function 05C36718 Relevance: .1, Instructions: 114COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ae31b1168c481e0f44f23ebe2b294e68d51d737bbfe7670db0595dd3d05479ed
                                          • Instruction ID: bab868c41613951d2b35f8066feddd40e951b0d1c02ae9c9dc0912db2c959aed
                                          • Opcode Fuzzy Hash: ae31b1168c481e0f44f23ebe2b294e68d51d737bbfe7670db0595dd3d05479ed
                                          • Instruction Fuzzy Hash: 6D417335B1411DEFCB04CFA9C5814BEBFB7EF89310B90496AE505EB250D6319D918B85
                                          Function 05C36728 Relevance: .1, Instructions: 113COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2157758268.0000000005C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5c30000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3b035d5af98358ca6e32238ac5b048f773a8eec2a68e7b597253db4b82ad7a64
                                          • Instruction ID: c5dbfb8211540648ee705d24adfc4b7e0daea7180dfe1b2a214d2c447542ade5
                                          • Opcode Fuzzy Hash: 3b035d5af98358ca6e32238ac5b048f773a8eec2a68e7b597253db4b82ad7a64
                                          • Instruction Fuzzy Hash: 14418335B1411DEBCB04CFA9C5828BEFFB7EF89310B90496AE905EB250D6319D91CB85

                                          Execution Graph

                                          Execution Coverage:12.6%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:3.8%
                                          Total number of Nodes:78
                                          Total number of Limit Nodes:5
                                          execution_graph 44700 2ca0848 44702 2ca084e 44700->44702 44701 2ca091b 44702->44701 44704 2ca139f 44702->44704 44705 2ca1386 44704->44705 44707 2ca13a3 44704->44707 44705->44702 44706 2ca1500 44706->44702 44707->44706 44713 2ca88a8 44707->44713 44718 2ca89e4 44707->44718 44723 2ca8a81 44707->44723 44728 2ca8a22 44707->44728 44733 2ca88b8 44707->44733 44715 2ca88b4 44713->44715 44714 2ca8b13 44714->44707 44715->44714 44738 2ca8b20 44715->44738 44742 2ca8b30 44715->44742 44719 2ca89e9 44718->44719 44721 2ca8b20 DeleteFileW 44719->44721 44722 2ca8b30 DeleteFileW 44719->44722 44720 2ca8b13 44720->44707 44721->44720 44722->44720 44725 2ca8a86 44723->44725 44724 2ca8b13 44724->44707 44726 2ca8b20 DeleteFileW 44725->44726 44727 2ca8b30 DeleteFileW 44725->44727 44726->44724 44727->44724 44730 2ca8a27 44728->44730 44729 2ca8b13 44729->44707 44731 2ca8b20 DeleteFileW 44730->44731 44732 2ca8b30 DeleteFileW 44730->44732 44731->44729 44732->44729 44735 2ca88ba 44733->44735 44734 2ca8b13 44734->44707 44735->44734 44736 2ca8b20 DeleteFileW 44735->44736 44737 2ca8b30 DeleteFileW 44735->44737 44736->44734 44737->44734 44739 2ca8b24 44738->44739 44740 2ca8b72 44739->44740 44746 2ca79f4 44739->44746 44740->44714 44744 2ca8b40 44742->44744 44743 2ca8b72 44743->44714 44744->44743 44745 2ca79f4 DeleteFileW 44744->44745 44745->44743 44747 2ca8f98 DeleteFileW 44746->44747 44749 2ca9017 44747->44749 44749->44740 44783 6dd6778 44786 6dd67dd 44783->44786 44784 6dd57f8 PeekMessageW 44784->44786 44785 6dd6c40 WaitMessage 44785->44786 44786->44784 44786->44785 44787 6dd682a 44786->44787 44788 2ca7f20 44789 2ca7f64 CheckRemoteDebuggerPresent 44788->44789 44790 2ca7fa6 44789->44790 44791 2ca9570 44792 2ca95bb MoveFileA 44791->44792 44794 2ca960f 44792->44794 44750 6dd2190 44752 6dd21c1 44750->44752 44753 6dd220d 44750->44753 44751 6dd21cd 44752->44751 44756 6dd2408 44752->44756 44760 6dd23f8 44752->44760 44765 6dd2439 44756->44765 44772 6dd2448 44756->44772 44757 6dd2412 44757->44753 44761 6dd2408 44760->44761 44763 6dd2439 LoadLibraryExW 44761->44763 44764 6dd2448 LoadLibraryExW 44761->44764 44762 6dd2412 44762->44753 44763->44762 44764->44762 44766 6dd2448 44765->44766 44767 6dd247c 44766->44767 44770 6dd2439 LoadLibraryExW 44766->44770 44771 6dd2448 LoadLibraryExW 44766->44771 44767->44757 44768 6dd2474 44768->44767 44779 6dd1424 44768->44779 44770->44768 44771->44768 44773 6dd2459 44772->44773 44774 6dd247c 44772->44774 44773->44774 44777 6dd2439 LoadLibraryExW 44773->44777 44778 6dd2448 LoadLibraryExW 44773->44778 44774->44757 44775 6dd2474 44775->44774 44776 6dd1424 LoadLibraryExW 44775->44776 44776->44774 44777->44775 44778->44775 44780 6dd2698 LoadLibraryExW 44779->44780 44782 6dd2711 44780->44782 44782->44767

                                          Executed Functions

                                          Function 06DD6778 Relevance: 1.9, APIs: 1, Instructions: 396COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 759 6dd6778-6dd67db 760 6dd67dd-6dd6807 759->760 761 6dd680a-6dd6828 759->761 760->761 766 6dd682a-6dd682c 761->766 767 6dd6831-6dd6868 761->767 769 6dd6cea-6dd6cff 766->769 771 6dd686e-6dd6882 767->771 772 6dd6c99 767->772 773 6dd6884-6dd68ae 771->773 774 6dd68b1-6dd68d0 771->774 775 6dd6c9e-6dd6cb4 772->775 773->774 781 6dd68e8-6dd68ea 774->781 782 6dd68d2-6dd68d8 774->782 775->769 783 6dd68ec-6dd6904 781->783 784 6dd6909-6dd6912 781->784 786 6dd68dc-6dd68de 782->786 787 6dd68da 782->787 783->775 788 6dd691a-6dd6921 784->788 786->781 787->781 789 6dd692b-6dd6932 788->789 790 6dd6923-6dd6929 788->790 792 6dd693c 789->792 793 6dd6934-6dd693a 789->793 791 6dd693f-6dd695c call 6dd57f8 790->791 796 6dd6ab1-6dd6ab5 791->796 797 6dd6962-6dd6969 791->797 792->791 793->791 798 6dd6abb-6dd6abf 796->798 799 6dd6c84-6dd6c97 796->799 797->772 800 6dd696f-6dd69ac 797->800 801 6dd6ad9-6dd6ae2 798->801 802 6dd6ac1-6dd6ad4 798->802 799->775 808 6dd6c7a-6dd6c7e 800->808 809 6dd69b2-6dd69b7 800->809 804 6dd6ae4-6dd6b0e 801->804 805 6dd6b11-6dd6b18 801->805 802->775 804->805 806 6dd6b1e-6dd6b25 805->806 807 6dd6bb7-6dd6bcc 805->807 810 6dd6b54-6dd6b76 806->810 811 6dd6b27-6dd6b51 806->811 807->808 823 6dd6bd2-6dd6bd4 807->823 808->788 808->799 812 6dd69e9-6dd69fe call 6dd581c 809->812 813 6dd69b9-6dd69c0 call 6dd5804 809->813 810->807 850 6dd6b78-6dd6b82 810->850 811->810 821 6dd6a03-6dd6a07 812->821 819 6dd69c5-6dd69c7 813->819 819->812 824 6dd69c9-6dd69e7 call 6dd5810 819->824 825 6dd6a09-6dd6a1b call 6dd5828 821->825 826 6dd6a78-6dd6a85 821->826 827 6dd6bd6-6dd6c0f 823->827 828 6dd6c21-6dd6c3e call 6dd57f8 823->828 824->821 851 6dd6a1d-6dd6a4d 825->851 852 6dd6a5b-6dd6a73 825->852 826->808 843 6dd6a8b-6dd6a95 call 6dd5838 826->843 839 6dd6c18-6dd6c1f 827->839 840 6dd6c11-6dd6c17 827->840 828->808 842 6dd6c40-6dd6c6c WaitMessage 828->842 839->808 840->839 847 6dd6c6e 842->847 848 6dd6c73 842->848 856 6dd6aa4-6dd6aac call 6dd5850 843->856 857 6dd6a97-6dd6a9f call 6dd5844 843->857 847->848 848->808 858 6dd6b9a-6dd6bb5 850->858 859 6dd6b84-6dd6b8a 850->859 867 6dd6a4f 851->867 868 6dd6a54 851->868 852->775 856->808 857->808 858->807 858->850 864 6dd6b8c 859->864 865 6dd6b8e-6dd6b90 859->865 864->858 865->858 867->868 868->852
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4645120983.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6dd0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 52bf1a293959e47da250bde34897b60453ad4b41798b2ea1267aec3588e0d583
                                          • Instruction ID: e2a0034deed09d3c8bda9e451c467111c5f63d5a2cb8c4ec3f2d5458c1133c01
                                          • Opcode Fuzzy Hash: 52bf1a293959e47da250bde34897b60453ad4b41798b2ea1267aec3588e0d583
                                          • Instruction Fuzzy Hash: 2BF13970E00259CFEB54EFA9C844B9DBBF1FF88314F158169E419AB2A5DB70E945CB80
                                          Function 02CA7F20 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 879 2ca7f20-2ca7fa4 CheckRemoteDebuggerPresent 881 2ca7fad-2ca7fe8 879->881 882 2ca7fa6-2ca7fac 879->882 882->881
                                          APIs
                                          • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 02CA7F97
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4618039406.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_2ca0000_2024.jbxd
                                          Similarity
                                          • API ID: CheckDebuggerPresentRemote
                                          • String ID:
                                          • API String ID: 3662101638-0
                                          • Opcode ID: 937ac5299f46021aee3572d50478aab3a0b276bde1f01e4f46d30433803eb755
                                          • Instruction ID: 35953ec4c2ed9f92b532bbbaac2e62a4e8c444450620af64c050ff9cbcd184a8
                                          • Opcode Fuzzy Hash: 937ac5299f46021aee3572d50478aab3a0b276bde1f01e4f46d30433803eb755
                                          • Instruction Fuzzy Hash: 802159B180025ACFDB00CF9AD884BEEFBF4BF48325F14845AE454A3250C738AA44CF60
                                          Function 06D62418 Relevance: 1.5, Instructions: 1522COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0eb9d3cdd92aaf8cece342fcc31c25d6460feec8f98397f849c6a31b09aab721
                                          • Instruction ID: 05fbc60a991a2f8fa6667296988629aac58223d0a97b6a7782a2a92efd0c79c6
                                          • Opcode Fuzzy Hash: 0eb9d3cdd92aaf8cece342fcc31c25d6460feec8f98397f849c6a31b09aab721
                                          • Instruction Fuzzy Hash: 46E24834E00219CFDB64DB69C884A9DB7B2FF89310F5585AAE449AB355DB30ED85CF80
                                          Function 06D66780 Relevance: .8, Instructions: 816COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 789a66eaa4f9aa75f54eac31dcbba65d5255cfbae1f5232c44ce2a5bdbff1d46
                                          • Instruction ID: 54bf28c0b7fad7649068ff674427ffbc64b73acde9d253e3485214655d4a70f9
                                          • Opcode Fuzzy Hash: 789a66eaa4f9aa75f54eac31dcbba65d5255cfbae1f5232c44ce2a5bdbff1d46
                                          • Instruction Fuzzy Hash: 2A62AE30B102598FDB54DB6AD594AADB7F2FF88314F148569E806EB390DB35EC42CB81
                                          Function 06D6B3B8 Relevance: .8, Instructions: 767COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5dcdcbb3ba6b989f2b82ec576c460ed072be3317c5335e32c54a1774f3533508
                                          • Instruction ID: aa1866cbd76a4af039f156d86abe35030e16b5f40b9286adcfbd81d204b310fb
                                          • Opcode Fuzzy Hash: 5dcdcbb3ba6b989f2b82ec576c460ed072be3317c5335e32c54a1774f3533508
                                          • Instruction Fuzzy Hash: FB526034E1021A8FEB64DB6AD4907ADB7B2FB85310F20852BE445DB395DB34EC91CB91
                                          Function 06D6C308 Relevance: .6, Instructions: 635COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bea74d67d1adb5c417c845f136bab11de62308ea03701600f15c2283c89644c0
                                          • Instruction ID: 4f634b35c52d2ed98d7836f5eb846bf0b1865bff11f4f07cc30ade961fd2d02b
                                          • Opcode Fuzzy Hash: bea74d67d1adb5c417c845f136bab11de62308ea03701600f15c2283c89644c0
                                          • Instruction Fuzzy Hash: 34329134B202198FDF54DB69D990BAEB7B2FB88350F108629E545EB355DB31EC42CB90
                                          Function 06D65358 Relevance: .6, Instructions: 587COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 69496f2b9ec68a1d468bd62211b5738bc54e7b7c8411325eb458c081caacd763
                                          • Instruction ID: af18014c98911d3b6ac11bf2c82a0a788495b6a09720269e6eaa575fddef1505
                                          • Opcode Fuzzy Hash: 69496f2b9ec68a1d468bd62211b5738bc54e7b7c8411325eb458c081caacd763
                                          • Instruction Fuzzy Hash: D512D371F002558BDB64DB66E8807AEB7B2EF85310F24847AE856DB345DB34EC85CB90
                                          Function 06D67F08 Relevance: .5, Instructions: 486COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f6ab34299b0420d7ee549cc7796f06e4eeb9fe7f2b7f8029a6021df8eeeac69e
                                          • Instruction ID: 836f61421d97d0b7d0f925b74ad2a96f930eeff77d45f81f38dad97dc544b240
                                          • Opcode Fuzzy Hash: f6ab34299b0420d7ee549cc7796f06e4eeb9fe7f2b7f8029a6021df8eeeac69e
                                          • Instruction Fuzzy Hash: B002B230B002169FDB54DB66D8946AEB7F2FF88314F248629E516DB384DB75EC42CB90
                                          Function 02CA7F19 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 871 2ca7f19-2ca7f1a 872 2ca7f1e-2ca7fa4 CheckRemoteDebuggerPresent 871->872 873 2ca7f1c 871->873 875 2ca7fad-2ca7fe8 872->875 876 2ca7fa6-2ca7fac 872->876 873->872 876->875
                                          APIs
                                          • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 02CA7F97
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4618039406.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_2ca0000_2024.jbxd
                                          Similarity
                                          • API ID: CheckDebuggerPresentRemote
                                          • String ID:
                                          • API String ID: 3662101638-0
                                          • Opcode ID: 4a75dbef90c9d181e340cb72720e812545918c6995c8d5e388a195639f2bf870
                                          • Instruction ID: d4250af0df94868560cbd7b1200c97ee787ce9cfe23b10eba1ea00e5d1e695ec
                                          • Opcode Fuzzy Hash: 4a75dbef90c9d181e340cb72720e812545918c6995c8d5e388a195639f2bf870
                                          • Instruction Fuzzy Hash: 782116B180125ACFDB10CF99D884BEEFBF5BF48315F14846AE455A7250D7389A44CF64
                                          Function 02CA956B Relevance: 1.6, APIs: 1, Instructions: 63fileCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 885 2ca956b-2ca95c2 887 2ca95cd-2ca95d1 885->887 888 2ca95c4-2ca95ca 885->888 889 2ca95d9-2ca960d MoveFileA 887->889 890 2ca95d3-2ca95d6 887->890 888->887 891 2ca960f-2ca9615 889->891 892 2ca9616-2ca962a 889->892 890->889 891->892
                                          APIs
                                          • MoveFileA.KERNEL32(?,00000000,?,?), ref: 02CA9600
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4618039406.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_2ca0000_2024.jbxd
                                          Similarity
                                          • API ID: FileMove
                                          • String ID:
                                          • API String ID: 3562171763-0
                                          • Opcode ID: 21f515abf5b5210704dbbb2f07007a2dc09869badec2ff815ff71de1abe8878f
                                          • Instruction ID: 0ca7732e51946de8d7fed576f33364738506b7abb97dba9e12ebf9756705db32
                                          • Opcode Fuzzy Hash: 21f515abf5b5210704dbbb2f07007a2dc09869badec2ff815ff71de1abe8878f
                                          • Instruction Fuzzy Hash: E92134B6C0124A9FCB50CF99D485ADEFBF1FF88314F24855AE818AB201C7359A40CFA4
                                          Function 02CA9570 Relevance: 1.6, APIs: 1, Instructions: 62fileCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 894 2ca9570-2ca95c2 896 2ca95cd-2ca95d1 894->896 897 2ca95c4-2ca95ca 894->897 898 2ca95d9-2ca960d MoveFileA 896->898 899 2ca95d3-2ca95d6 896->899 897->896 900 2ca960f-2ca9615 898->900 901 2ca9616-2ca962a 898->901 899->898 900->901
                                          APIs
                                          • MoveFileA.KERNEL32(?,00000000,?,?), ref: 02CA9600
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4618039406.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_2ca0000_2024.jbxd
                                          Similarity
                                          • API ID: FileMove
                                          • String ID:
                                          • API String ID: 3562171763-0
                                          • Opcode ID: aa94c037996b6d53dd2a2c4d8522be0b052e6552ef8da748f85f699f8681ac50
                                          • Instruction ID: 14b510bb2202cc8dd377459b7d8717320b52fc7d64c8942aa1104f16841d4ec1
                                          • Opcode Fuzzy Hash: aa94c037996b6d53dd2a2c4d8522be0b052e6552ef8da748f85f699f8681ac50
                                          • Instruction Fuzzy Hash: 802116B6C012099FCB50CF99D585ADEFBF5FF88714F24855AE818AB204C7759A40CFA4
                                          Function 02CA8F90 Relevance: 1.6, APIs: 1, Instructions: 61fileCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 903 2ca8f90-2ca8f92 904 2ca8f96-2ca8fe2 903->904 905 2ca8f94-2ca8f95 903->905 907 2ca8fea-2ca9015 DeleteFileW 904->907 908 2ca8fe4-2ca8fe7 904->908 905->904 909 2ca901e-2ca9046 907->909 910 2ca9017-2ca901d 907->910 908->907 910->909
                                          APIs
                                          • DeleteFileW.KERNELBASE(00000000), ref: 02CA9008
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4618039406.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_2ca0000_2024.jbxd
                                          Similarity
                                          • API ID: DeleteFile
                                          • String ID:
                                          • API String ID: 4033686569-0
                                          • Opcode ID: c4221e166a912c258cc4f32a5f0e6ef27eeea612c46ed95a98da2f02e928a69b
                                          • Instruction ID: 5eab1fc880ee396399c680c1067b02968fb9427d06e734904c5d59f0aefd3e33
                                          • Opcode Fuzzy Hash: c4221e166a912c258cc4f32a5f0e6ef27eeea612c46ed95a98da2f02e928a69b
                                          • Instruction Fuzzy Hash: 3A2149B6C0061ACFDB14CF99C5557DEFBB0EF48714F14812AD414A7241D3389941CFA4
                                          Function 02CA79F4 Relevance: 1.6, APIs: 1, Instructions: 59fileCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 913 2ca79f4-2ca8fe2 916 2ca8fea-2ca9015 DeleteFileW 913->916 917 2ca8fe4-2ca8fe7 913->917 918 2ca901e-2ca9046 916->918 919 2ca9017-2ca901d 916->919 917->916 919->918
                                          APIs
                                          • DeleteFileW.KERNELBASE(00000000), ref: 02CA9008
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4618039406.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_2ca0000_2024.jbxd
                                          Similarity
                                          • API ID: DeleteFile
                                          • String ID:
                                          • API String ID: 4033686569-0
                                          • Opcode ID: be4302e0fee55d9600f3a545b06853f96257e3761ae32d8fd00d5b1735c4a94a
                                          • Instruction ID: 9608eea7d129c513ba062926bf9225febdd50d05b01f0f886909b5d67e244a28
                                          • Opcode Fuzzy Hash: be4302e0fee55d9600f3a545b06853f96257e3761ae32d8fd00d5b1735c4a94a
                                          • Instruction Fuzzy Hash: 262144B1C0065A9BCB10CF9AC455BAEFBB4EB48324F10812AD818A7240D378A940CFE4
                                          Function 06DD57F8 Relevance: 1.6, APIs: 1, Instructions: 55windowCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 930 6dd57f8-6dd6db5 PeekMessageW 932 6dd6dbe-6dd6ddf 930->932 933 6dd6db7-6dd6dbd 930->933 933->932
                                          APIs
                                          • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,06DD695A,00000000,00000000,03E641B4,02ED3F50), ref: 06DD6DA8
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4645120983.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6dd0000_2024.jbxd
                                          Similarity
                                          • API ID: MessagePeek
                                          • String ID:
                                          • API String ID: 2222842502-0
                                          • Opcode ID: 2fc0f4f640012426d7535708153569a6747cb6296ae93af3c494e4ea804c9f8a
                                          • Instruction ID: fb8330cc2995e22a83f8fc206d045e8d8240455a7dd6d7109d1a466732f26d53
                                          • Opcode Fuzzy Hash: 2fc0f4f640012426d7535708153569a6747cb6296ae93af3c494e4ea804c9f8a
                                          • Instruction Fuzzy Hash: 411126B1804249DFDB10DF9AD844BDEBBF8EB48324F10842AE958A7250C378A954CFA5
                                          Function 06DD1424 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 922 6dd1424-6dd26d8 924 6dd26da-6dd26dd 922->924 925 6dd26e0-6dd270f LoadLibraryExW 922->925 924->925 926 6dd2718-6dd2735 925->926 927 6dd2711-6dd2717 925->927 927->926
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,?,00000000,?,06DD2671,00000800), ref: 06DD2702
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4645120983.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6dd0000_2024.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: c864914eb63d75f2119875012ee44d4e6c3cacc0937074e4a1dacb26b2c82887
                                          • Instruction ID: 416bac65817e223092f8fc940fc3ddd12dfc7f2c6963fcb66f934d5645acd45c
                                          • Opcode Fuzzy Hash: c864914eb63d75f2119875012ee44d4e6c3cacc0937074e4a1dacb26b2c82887
                                          • Instruction Fuzzy Hash: 9B1126B6D00349DFDB10DF9AC844ADEFBF4EB48320F10842AD519A7600C375A544CFA4
                                          Function 06DD2691 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 935 6dd2691-6dd26d8 937 6dd26da-6dd26dd 935->937 938 6dd26e0-6dd270f LoadLibraryExW 935->938 937->938 939 6dd2718-6dd2735 938->939 940 6dd2711-6dd2717 938->940 940->939
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,?,00000000,?,06DD2671,00000800), ref: 06DD2702
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4645120983.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6dd0000_2024.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: c6ca5acf5a1de6d0701ac28a32297bd396db9e3f8c09b2dfe1b76003ab21fd86
                                          • Instruction ID: 907f09ecef4ddc7d867072831269b9180a52fc765d7dae67fc8ab9bc872a2808
                                          • Opcode Fuzzy Hash: c6ca5acf5a1de6d0701ac28a32297bd396db9e3f8c09b2dfe1b76003ab21fd86
                                          • Instruction Fuzzy Hash: AF1123B6D003499FDB14DF9AD884ADEFBF4EB88320F14842ED559A7210C375A544CFA5
                                          Function 06DD6D38 Relevance: 1.6, APIs: 1, Instructions: 54windowCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 943 6dd6d38-6dd6db5 PeekMessageW 944 6dd6dbe-6dd6ddf 943->944 945 6dd6db7-6dd6dbd 943->945 945->944
                                          APIs
                                          • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,06DD695A,00000000,00000000,03E641B4,02ED3F50), ref: 06DD6DA8
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4645120983.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6dd0000_2024.jbxd
                                          Similarity
                                          • API ID: MessagePeek
                                          • String ID:
                                          • API String ID: 2222842502-0
                                          • Opcode ID: 2783863a0315656c59a5ee949de9d9781de954fdbf2b8b643595869d476aa799
                                          • Instruction ID: 8bb3a24c407bf38c6879c82ebdc393dbd8be6e05a4741c8ef62de3ee4f7963c8
                                          • Opcode Fuzzy Hash: 2783863a0315656c59a5ee949de9d9781de954fdbf2b8b643595869d476aa799
                                          • Instruction Fuzzy Hash: 061167B1C00249DFDB10CF9AD884BDEFBF4EB48324F10842AE858A3250C378A554CFA1
                                          Function 06D6D0C8 Relevance: .8, Instructions: 797COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8a018fa9b945773da05cb22539bd35649dfba30c4bacea9e63ff4851b4f86ad0
                                          • Instruction ID: 981ab5c5ebbf10724ecf0e5516214c7db9d99ddf78b4713bc4ef85a4957b023f
                                          • Opcode Fuzzy Hash: 8a018fa9b945773da05cb22539bd35649dfba30c4bacea9e63ff4851b4f86ad0
                                          • Instruction Fuzzy Hash: 5A621E30B0021A8FDB55EF69E590A5EB7B2FF84354F209A69E0059F359DB71EC46CB80
                                          Function 06D6AE50 Relevance: .4, Instructions: 389COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b3413eb8ceb7375874c0cf68c9177d04529862bdeb0f71e29bd4d796f141cdd3
                                          • Instruction ID: a6e3e433c2f2037a7572053e76b0ac91c630163c31ce70cc65edda7f9a1e1cce
                                          • Opcode Fuzzy Hash: b3413eb8ceb7375874c0cf68c9177d04529862bdeb0f71e29bd4d796f141cdd3
                                          • Instruction Fuzzy Hash: CAE17430F1021A8FDB65DF66D5906AEB7B2FF85300F24862AE415EB345DB71E846CB81
                                          Function 062B1C50 Relevance: .3, Instructions: 343COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5ad4fa5471cab9f052725d4b064db41c0018567e36fecc32728dcad8c12d03de
                                          • Instruction ID: 0db319eb403bcbfd9cf7198275874bba8c5198c6227b1e3c1506027f8d1bf691
                                          • Opcode Fuzzy Hash: 5ad4fa5471cab9f052725d4b064db41c0018567e36fecc32728dcad8c12d03de
                                          • Instruction Fuzzy Hash: 88D1AE71E1030A9FDB54DFA9C8646EEBBF2EF88350F149569E805AB390DB309D41CB91
                                          Function 06D66770 Relevance: .3, Instructions: 311COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d62b36e5f1d12e05beae32e66767137eea2ff77174c2681093cb6e8f6032f982
                                          • Instruction ID: d97f1a16c45457e7406f316d3193daa9c86e662efecee41a70e0ed4b66bbcb67
                                          • Opcode Fuzzy Hash: d62b36e5f1d12e05beae32e66767137eea2ff77174c2681093cb6e8f6032f982
                                          • Instruction Fuzzy Hash: 4EC16D34F102598FDB54DB6AD594AADBBB2EB89300F248529F805EB394DB31EC42CB51
                                          Function 06D6B3A8 Relevance: .3, Instructions: 296COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a6b16634085a3bfd56562248832429bd79c71a6aa5c1ea99d1c27d2bd275ddb2
                                          • Instruction ID: b15f0966d7f79e844208f4ce66425db8882d8eb3a95b042e9a28dafc64c8a612
                                          • Opcode Fuzzy Hash: a6b16634085a3bfd56562248832429bd79c71a6aa5c1ea99d1c27d2bd275ddb2
                                          • Instruction Fuzzy Hash: CCA17374E102098FEF64DBAAD4907BEB7B6FB89310F204526F405EB395DA34DC918B91
                                          Function 06D6B7C1 Relevance: .3, Instructions: 266COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c21a4abedb27e6466917fb11e8f71d9f5f77cb8f0d39eb68ed03ad28d1dacecf
                                          • Instruction ID: 84c2b69eadd9414f48f76e4d44ef7422bcfccd1b57450f7e2c1e43c0fb7ea1bf
                                          • Opcode Fuzzy Hash: c21a4abedb27e6466917fb11e8f71d9f5f77cb8f0d39eb68ed03ad28d1dacecf
                                          • Instruction Fuzzy Hash: C4A14930E1020A8FEBA4DB5AD4807ADB7B2FB45314F24892BE459DB395D634EC92CB51
                                          Function 06D68BB0 Relevance: .3, Instructions: 262COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 348eb0d3def42483839794266e6b026aa7fd120122806462960c4cdbe015e511
                                          • Instruction ID: 45076a3ac0422dd9a9ccefb101df851792464b8ce4c28ae0340d9802fe93259e
                                          • Opcode Fuzzy Hash: 348eb0d3def42483839794266e6b026aa7fd120122806462960c4cdbe015e511
                                          • Instruction Fuzzy Hash: 5BA11D70B012168FDB58DF75C8907AEB7B2EB89200F1046B9D40A9B355DB31ED86CB91
                                          Function 06D692D8 Relevance: .2, Instructions: 231COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bd1a8e760c2db57420dfe5a6a29045ab6acf0db9f4a25589d0b2445c34c00b80
                                          • Instruction ID: 9b5f6c11503aa9399cf6b0729126ac730396510fab1f708b474feee542c149a3
                                          • Opcode Fuzzy Hash: bd1a8e760c2db57420dfe5a6a29045ab6acf0db9f4a25589d0b2445c34c00b80
                                          • Instruction Fuzzy Hash: 68913530B1025B8FDB54DF66D9A07AEB7F2AFC5240F108569D409EB384EA71ED428B91
                                          Function 06D65F78 Relevance: .2, Instructions: 229COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e4e71fa3377f64acbbaff29014ef1214749efdfe4e43c82d592ef3d727d349ea
                                          • Instruction ID: 4412b7ff53565f6864b4033c96f2c2e17d580827ae0f0d951770d06173f267be
                                          • Opcode Fuzzy Hash: e4e71fa3377f64acbbaff29014ef1214749efdfe4e43c82d592ef3d727d349ea
                                          • Instruction Fuzzy Hash: A161B371F000224BDF549B7ED88096FFAD7AFC4220B25443AE90ADB3A4DE65DD0287D5
                                          Function 06D64050 Relevance: .2, Instructions: 221COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d8fd1ded4bf90950bab77e263b0545324c1671a6187a31059c41a50b0c2dcaeb
                                          • Instruction ID: 235826cf866a70be64a28545d547e9df38b2833478f2b32b839464f6645a33f7
                                          • Opcode Fuzzy Hash: d8fd1ded4bf90950bab77e263b0545324c1671a6187a31059c41a50b0c2dcaeb
                                          • Instruction Fuzzy Hash: 45814034B1125A8FDF54DFA6D4547AE77F2AF89300F208529E40ADB384DB35DC468B91
                                          Function 06D64060 Relevance: .2, Instructions: 218COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 541e10ff36ca26bcf63bc82bda73a368a8594cf17a5b24380e48fa266c27106a
                                          • Instruction ID: d5e44d60aa1b167f707081c562b3feb174b1864dde205fe32579d786e27c43fc
                                          • Opcode Fuzzy Hash: 541e10ff36ca26bcf63bc82bda73a368a8594cf17a5b24380e48fa266c27106a
                                          • Instruction Fuzzy Hash: A6813F34B112598FDB54DFA6D45476E77F2AF89300F208529E40ADB384EA35EC428B91
                                          Function 06D64370 Relevance: .2, Instructions: 217COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 749f28634117541ad3e33bb643f660ae99ecab521901c02310ec9af8887b7265
                                          • Instruction ID: c1e031a6ef7a188149af5f555e2430dd9542310521876967c737f021d3033ec7
                                          • Opcode Fuzzy Hash: 749f28634117541ad3e33bb643f660ae99ecab521901c02310ec9af8887b7265
                                          • Instruction Fuzzy Hash: 5B914D30E1021A8FDF60DF68C890B9DB7B1FF89300F20C699E549AB245DB70A985CF90
                                          Function 06D64388 Relevance: .2, Instructions: 210COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 04baf5f5898a81d73836a96fa954d28da58c5be1e33566209aeeda3fc9924f60
                                          • Instruction ID: acadf98ba6bef9b4bba9fa56b23a48701ebf81fccda40c74c332f5265aa0a221
                                          • Opcode Fuzzy Hash: 04baf5f5898a81d73836a96fa954d28da58c5be1e33566209aeeda3fc9924f60
                                          • Instruction Fuzzy Hash: DD912C30E1061A8BDF60DFA9C880B9DB7B1FF89310F20C599E549AB345DB71A985CF90
                                          Function 06D6ECA1 Relevance: .2, Instructions: 203COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4a609e714e5b05992c6e48acec45e4c29e8744c4c49519d0a68595d848e7c6e1
                                          • Instruction ID: 7c4c6d9176a7c16352f6a4671f944c088770291bd4822e45f14cb14df7c45174
                                          • Opcode Fuzzy Hash: 4a609e714e5b05992c6e48acec45e4c29e8744c4c49519d0a68595d848e7c6e1
                                          • Instruction Fuzzy Hash: 4E712C74A002499FDB54DFAAD990AAEBBF6FF84304F248529E405EB355DB30EC46CB50
                                          Function 06D6ECB0 Relevance: .2, Instructions: 201COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b13187fe7a0bec83196d7a7fa75fccb4d88a49d42bce8e2907707bdd494184f1
                                          • Instruction ID: 2caca09c38aa20b73f968a77911099f318f67f3e64283073628176bd66983fa7
                                          • Opcode Fuzzy Hash: b13187fe7a0bec83196d7a7fa75fccb4d88a49d42bce8e2907707bdd494184f1
                                          • Instruction Fuzzy Hash: 6F712C34A002599FDB54DFAAD990AAEBBF6FF84304F248529E405EB355DB30EC46CB50
                                          Function 06D64920 Relevance: .2, Instructions: 186COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aad0fb94ad1ef08d87bb4508f3f7aeeb0363a5bc8795e02ac0ffc5fdaf938cc0
                                          • Instruction ID: f3dcf2c09b25057e93269889e9a647ac331ef1ec6a5c30efd23c13037a38e416
                                          • Opcode Fuzzy Hash: aad0fb94ad1ef08d87bb4508f3f7aeeb0363a5bc8795e02ac0ffc5fdaf938cc0
                                          • Instruction Fuzzy Hash: 6B617470F102199FEB549BA5C8547AEBAF6FF88310F20852AE106EB395DF754C45CB90
                                          Function 06D692C8 Relevance: .2, Instructions: 170COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: da1e728e38681159a5bfdd82661c5f2e08223b8b8e504cd6170ad798d4efd39b
                                          • Instruction ID: 02d79895004cb218ba6debf4f652b3ca1b041aec60b1f15ff7fc3b4062d8fbca
                                          • Opcode Fuzzy Hash: da1e728e38681159a5bfdd82661c5f2e08223b8b8e504cd6170ad798d4efd39b
                                          • Instruction Fuzzy Hash: DF514630B112568FEB54DB76D9A076E77F6EFC8240F148679D809DB384EA31EC428B91
                                          Function 06D6F7C1 Relevance: .2, Instructions: 170COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 319aa7e85c9be1a99a6b401e12dfd22f25da21bb9be3f1c8a37857cb1f20aac3
                                          • Instruction ID: e706ffef23ede07821b6137a4fbc8fd78b57419a6aca6fb6a31c8e51cc437e0f
                                          • Opcode Fuzzy Hash: 319aa7e85c9be1a99a6b401e12dfd22f25da21bb9be3f1c8a37857cb1f20aac3
                                          • Instruction Fuzzy Hash: F051F874B102199FEF6457AEE85472F3A5BD789340F20452AF10AD73E6CE38CC418392
                                          Function 06D6F7D0 Relevance: .2, Instructions: 163COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d6f498431c8a96cb733015d4a0ad09c10ba40d886b02d978b7cd7caddc206a0f
                                          • Instruction ID: 35cdf7a85f0a3b43ff07c4451bdea559d7329a87b1789030474f8098e8c899dc
                                          • Opcode Fuzzy Hash: d6f498431c8a96cb733015d4a0ad09c10ba40d886b02d978b7cd7caddc206a0f
                                          • Instruction Fuzzy Hash: 6D51B874B202199BFF645BAEE85472F365BD789350F20452AF10AD73D6CE78CC818792
                                          Function 06D64910 Relevance: .1, Instructions: 138COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7d32f236dbda6886e7c191c10078beedca678fd6cd2dec06529563a1e1d889b4
                                          • Instruction ID: 2b69384b71ef3776d9254b5bdeb53a701257861ef89d9c34910631857343d2e5
                                          • Opcode Fuzzy Hash: 7d32f236dbda6886e7c191c10078beedca678fd6cd2dec06529563a1e1d889b4
                                          • Instruction Fuzzy Hash: E2516270F102599FEB549BA5C854BAEBAF6FF88300F208529E106EF395DE748C01DB90
                                          Function 06D65349 Relevance: .1, Instructions: 127COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7614a8b46a6dc01df9e01b8403c05f7b586ea3c070fd8a08abd5dbaaf7545a3e
                                          • Instruction ID: e4f07fea15ed45b3149534b6a09c19be7c0ae2336aff3482be0b2a9f327bb6e3
                                          • Opcode Fuzzy Hash: 7614a8b46a6dc01df9e01b8403c05f7b586ea3c070fd8a08abd5dbaaf7545a3e
                                          • Instruction Fuzzy Hash: 1D41A574E102058FDF708BAAD88077EFBB2FB49311F20496AF15AD7681C6B4E891CB51
                                          Function 06D651D8 Relevance: .1, Instructions: 126COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5daba1c578e85aef1dd51ab4d39db43c92a035ee8f6d161ad6c2e10076e44ae2
                                          • Instruction ID: a1fe258c90c6bb9b87defc7ad4f52659c285d9567f12e0a86be63717b047cffb
                                          • Opcode Fuzzy Hash: 5daba1c578e85aef1dd51ab4d39db43c92a035ee8f6d161ad6c2e10076e44ae2
                                          • Instruction Fuzzy Hash: 97414071E006099BDF70CFAAE880AAFF7B5FB98210F10492AE156D7650D371E985CB90
                                          Function 06D6DC50 Relevance: .1, Instructions: 117COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7434fd323a7cd9201a2b5c59b27cb529628d474741688f1180c340689895632a
                                          • Instruction ID: c1556b5c678fdc4bfbeed642394a240c87acd91fc25e1b3fcb6847aaf0e4fd56
                                          • Opcode Fuzzy Hash: 7434fd323a7cd9201a2b5c59b27cb529628d474741688f1180c340689895632a
                                          • Instruction Fuzzy Hash: F2416070F0030A9FDB64EF66E48469EBBB3BF89340F208529E416DB244DB70D945CB81
                                          Function 06D6DC3D Relevance: .1, Instructions: 116COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e71542dac0f079af98b09ded21d2568005828eb8cb7ac447d048e2cf813e0c5f
                                          • Instruction ID: fae79d137a15902589be6f428ded3a249f1f68f89d3663649e95ece0e12890c4
                                          • Opcode Fuzzy Hash: e71542dac0f079af98b09ded21d2568005828eb8cb7ac447d048e2cf813e0c5f
                                          • Instruction Fuzzy Hash: E3418E70F0030A9FDB65DF66D48469EBBB2AF89300F208529E806EB244DB70D846CB81
                                          Function 062B1C4F Relevance: .1, Instructions: 109COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 973af8b0bab6c81c4fd9ef070fe6f8a8540fc2665a7b48f4294ad7e7d3d34676
                                          • Instruction ID: 47c98f6493881d2d7bd123a04f096e236a66d6b3d48e13233b553fe969749970
                                          • Opcode Fuzzy Hash: 973af8b0bab6c81c4fd9ef070fe6f8a8540fc2665a7b48f4294ad7e7d3d34676
                                          • Instruction Fuzzy Hash: 8A416C30D1070ADBCB14DFA9C8586DDBBB1FF88350F14D669E8097B264EB70A980CB90
                                          Function 06D6227D Relevance: .1, Instructions: 109COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 887f53a30342f917b56f77456683dfa8bad4a0496d0af8a7eddd8a9b28f5def2
                                          • Instruction ID: e67fb5a2465b51571761d014f2e57bab311c781e6a77f114631929545c2859a9
                                          • Opcode Fuzzy Hash: 887f53a30342f917b56f77456683dfa8bad4a0496d0af8a7eddd8a9b28f5def2
                                          • Instruction Fuzzy Hash: 5931C030B002168FEB58AB36D4546AF7BA3BB89700B14467DE402DB394DF35DD468B90
                                          Function 06D62290 Relevance: .1, Instructions: 105COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 05967d7676e659bcf13c0896365a3aff1126982b83c5bb39b9bfbb48fe6205da
                                          • Instruction ID: fb0d388ecd9a42bc454e2af605c3eb997502ef760b292cc5ab1eb1305b3ee42f
                                          • Opcode Fuzzy Hash: 05967d7676e659bcf13c0896365a3aff1126982b83c5bb39b9bfbb48fe6205da
                                          • Instruction Fuzzy Hash: 8E318F30B002168FEB58AB36D5546AF7AA3BF89710B24467CE406DB394DF31DD468B90
                                          Function 062B2498 Relevance: .1, Instructions: 102COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: de318310308399759abb78d9828ecfe7dc0bd136996cd174ec5dbb3917321f51
                                          • Instruction ID: 9ae023843720ff75c74f652e3babcafbb4b2e5a0ec88683d1c1be8eb1e738407
                                          • Opcode Fuzzy Hash: de318310308399759abb78d9828ecfe7dc0bd136996cd174ec5dbb3917321f51
                                          • Instruction Fuzzy Hash: A331D030E1121A8FDB54EB78D8806AF77B2EF49300F105A29E506EB365EB30DD02CB91
                                          Function 06D6DAF1 Relevance: .1, Instructions: 97COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2eaefbe1e14d9ac4e1a89fecb4df7da9b6b4c5d0d4ef3340a0d04a9cc615d91b
                                          • Instruction ID: c29dbb16088def2475613be518d167179a65441b9aaa0acd2959aae1067852d6
                                          • Opcode Fuzzy Hash: 2eaefbe1e14d9ac4e1a89fecb4df7da9b6b4c5d0d4ef3340a0d04a9cc615d91b
                                          • Instruction Fuzzy Hash: CB318570E1031A9BDB24DF69D99069EBBB2FF85310F104929E405EB344DBB0E946C780
                                          Function 06D62140 Relevance: .1, Instructions: 96COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 56605d3eb0b4284564e250b942c82cb7ab0d56c3ddf60cadacf35e982d7d3197
                                          • Instruction ID: f3e4de6cee2c48c21cb2b673ef8593679350c6dc29303e852669fe8f9976ff19
                                          • Opcode Fuzzy Hash: 56605d3eb0b4284564e250b942c82cb7ab0d56c3ddf60cadacf35e982d7d3197
                                          • Instruction Fuzzy Hash: 09317A34E1021A9BCB58CFA5C894A9EB7B2FF89310F108629E816E7340DB71ED42CB50
                                          Function 062B24A8 Relevance: .1, Instructions: 93COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 70b581e7e25edf300e40ad460708a8be958cb9939b2fde23774dd5fbf8bc2bce
                                          • Instruction ID: 1cf3e602ff857eb4ee53a446b9ca5321ea3a71d5fea5e8cbd32ce3758d026d25
                                          • Opcode Fuzzy Hash: 70b581e7e25edf300e40ad460708a8be958cb9939b2fde23774dd5fbf8bc2bce
                                          • Instruction Fuzzy Hash: E9319230E1121A8FDB54EB79D8806AFB7B6EB48340F105629E506EB355EB30DD028B94
                                          Function 06D6FE18 Relevance: .1, Instructions: 92COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c7255ffe3576c08780560222076a37c4ef5cd3d64745004258e840bd10a8fb8d
                                          • Instruction ID: 951000823792371a0028dd5ed5ec32db183d04b7f17359772a57a70671fb1ed1
                                          • Opcode Fuzzy Hash: c7255ffe3576c08780560222076a37c4ef5cd3d64745004258e840bd10a8fb8d
                                          • Instruction Fuzzy Hash: 8531AF31A04A168FCB10CF05D990DAAB7F7FF82310B1A85A9E4569B291D374F988CBD4
                                          Function 06D62150 Relevance: .1, Instructions: 91COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 46c82430aa4abb9a72847b22a74b9d406f618c12b282029376ad2f08252b27da
                                          • Instruction ID: 69d123044d16e6ca9a9c0716d1352a62af56d3e0cde57fc0b66c9a550d0783f4
                                          • Opcode Fuzzy Hash: 46c82430aa4abb9a72847b22a74b9d406f618c12b282029376ad2f08252b27da
                                          • Instruction Fuzzy Hash: 38314C34E1021A9BDB58CFA5D99469EB7B2FF89710F108629F806E7350DB71ED42CB50
                                          Function 06D6FE28 Relevance: .1, Instructions: 86COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9d544c856ead7d23f1901532a7b66079df54642c74eba16499b667046a62e381
                                          • Instruction ID: 9beaba6b2a566b19731b78c606c46c6fda2e8da8d621bcf411384c1288f63bec
                                          • Opcode Fuzzy Hash: 9d544c856ead7d23f1901532a7b66079df54642c74eba16499b667046a62e381
                                          • Instruction Fuzzy Hash: AC31A031A04A168FCB50CF09D880DAAB7F3FF81310B1AC565E4569B291D370F988CBD4
                                          Function 0105D006 Relevance: .1, Instructions: 82COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4613903752.000000000105D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0105D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_105d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b10e39430f192b038b61b07252bbd5d9a987aa05f91f4513270498a2e6bc228c
                                          • Instruction ID: 92fc92271d5ed3be46b4c568c368f73fe9fa6ae9d9a03f5ebcbe84802d9a25e0
                                          • Opcode Fuzzy Hash: b10e39430f192b038b61b07252bbd5d9a987aa05f91f4513270498a2e6bc228c
                                          • Instruction Fuzzy Hash: 7D313A7550E3C09FD747CB64C9A4701BF71AF47214F2985DBD9898F2A7C23A980ACB62
                                          Function 06D63C5B Relevance: .1, Instructions: 79COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8613eac219e6b9fc9d9b6c5d790528aa202c678f78baedb7498de1741a958129
                                          • Instruction ID: 9f68bc59bccc12cff04aca6a346116e532cf31a1981726e9834c810227dd742a
                                          • Opcode Fuzzy Hash: 8613eac219e6b9fc9d9b6c5d790528aa202c678f78baedb7498de1741a958129
                                          • Instruction Fuzzy Hash: 62218C75F112159FDB40DF6AD981AAEBBF1EB88710F118169E905EB380E730E9018B90
                                          Function 06D63C68 Relevance: .1, Instructions: 78COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d2a3e2e4fd4d569aae350fdd3a3de005d3e6c77de1838d0efd63ab0acd0c7cee
                                          • Instruction ID: 0bd1bbedf349821e46e9d46e332a025a9382b71ba24761a41113689028cbdb8c
                                          • Opcode Fuzzy Hash: d2a3e2e4fd4d569aae350fdd3a3de005d3e6c77de1838d0efd63ab0acd0c7cee
                                          • Instruction Fuzzy Hash: 33217A75F116259FDB50DFAAD880AAEBBF1EB88710F118129F915E7380E730E9018B90
                                          Function 062B1FC4 Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9f5386580a6a4432eb1070858f5ed90642e962d83954a3d0395906bcbd885eb8
                                          • Instruction ID: 21e098eda30986ecab983e62ce8ef993531db95f5c1f4fa63094141be3c80fa6
                                          • Opcode Fuzzy Hash: 9f5386580a6a4432eb1070858f5ed90642e962d83954a3d0395906bcbd885eb8
                                          • Instruction Fuzzy Hash: 9F31FFB0C11218DFDB64CF99C598BDEBFF5EB48714F24841AE844AB250C3B59985CBA0
                                          Function 0105D044 Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4613903752.000000000105D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0105D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_105d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 77440614da49d273422b7a2d6533f370d02031d19187d6078bf4d294c823d1dd
                                          • Instruction ID: 92f3344844e28d55b66ea619bc87e6111203cec90e49ec583d0df5a12c3ba83f
                                          • Opcode Fuzzy Hash: 77440614da49d273422b7a2d6533f370d02031d19187d6078bf4d294c823d1dd
                                          • Instruction Fuzzy Hash: F1212571504204EFDB91DF94D9C0B27BBA5FB84314F20C5AEED894B252C736D446CB61
                                          Function 0105D20C Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4613903752.000000000105D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0105D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_105d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 67f5b0fee8309af59c4525f7fd6bb3fcf2616ead3de2726d7e87ac8efcb82c67
                                          • Instruction ID: a9644cf463690dadd1ced8c471176176b9dba2a949525392055fc6952aa0c5d9
                                          • Opcode Fuzzy Hash: 67f5b0fee8309af59c4525f7fd6bb3fcf2616ead3de2726d7e87ac8efcb82c67
                                          • Instruction Fuzzy Hash: AD210471504244DFDB81DF54D584B2BBBA5FB94324F20C6AEDD894B242C37AD446CB61
                                          Function 0105D3BC Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4613903752.000000000105D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0105D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_105d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6728f0ae71bd763a25e905d45f4fb5cda73a1f5964d2cbc7175bddf07cdec24a
                                          • Instruction ID: 88ab17aae8961305ae20508b0ba7aa9e935a161a8b1367f7681848f0f1f732e6
                                          • Opcode Fuzzy Hash: 6728f0ae71bd763a25e905d45f4fb5cda73a1f5964d2cbc7175bddf07cdec24a
                                          • Instruction Fuzzy Hash: 39210071500204DFDB81DF54D580B2BBFA5EB84314F20C5AEDD894B282C776E446CF61
                                          Function 062B1958 Relevance: .1, Instructions: 71COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 05fa88ee8c138896fa37a80e87f95b80404c41e39fa06385580c3faf3af81362
                                          • Instruction ID: 854afb84d0c70186a855c27451aa47ea64c11fc5735f04b045a9ab7b91f436d0
                                          • Opcode Fuzzy Hash: 05fa88ee8c138896fa37a80e87f95b80404c41e39fa06385580c3faf3af81362
                                          • Instruction Fuzzy Hash: 2031FFB0C11318DFDB60CF99C998BDEBBF5EB48754F24841AE804AB250C3B59985CBA0
                                          Function 06D6F6E9 Relevance: .1, Instructions: 71COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4d273877a1850ad1fe3293add52d09c2feda906c5f58b7ef920dcf64489adce3
                                          • Instruction ID: e86013c54e91f9e8fff14dbf520c80b062f52b9518517d3caafbe3aeb39cd863
                                          • Opcode Fuzzy Hash: 4d273877a1850ad1fe3293add52d09c2feda906c5f58b7ef920dcf64489adce3
                                          • Instruction Fuzzy Hash: A2110425F206264BFF64237EAC907AF265FCBC6390F21443AE10AD7391C919CC8203A1
                                          Function 0105D12C Relevance: .1, Instructions: 71COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4613903752.000000000105D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0105D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_105d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 378439bef247682fa52224044df33944d1f4b48b2b5927a1ad163a093483fedc
                                          • Instruction ID: 56b6174e6b2ae0a0d36c69632f3a644e55a27de3ae296b4d859e0fdaca1eeb75
                                          • Opcode Fuzzy Hash: 378439bef247682fa52224044df33944d1f4b48b2b5927a1ad163a093483fedc
                                          • Instruction Fuzzy Hash: FC21F671544240EFDB45DF58D9C0B2BBBA6FB84314F20C6AEDD494B252C336D846CB65
                                          Function 062B11C0 Relevance: .1, Instructions: 65COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 69045062597e169f8a7a1a78f2bae20599fd611642ce6597fc84e3d0348f772a
                                          • Instruction ID: 8987396bc97b50029ea332e09900030982b9a4fb3a0c5399c1ce4e1128ff80e6
                                          • Opcode Fuzzy Hash: 69045062597e169f8a7a1a78f2bae20599fd611642ce6597fc84e3d0348f772a
                                          • Instruction Fuzzy Hash: 5411AB7063A3605FD3A55B35681C4E37FFEEB87790700895AE843C7A41CAB19C6587E1
                                          Function 06D6F6F8 Relevance: .1, Instructions: 62COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 64d1a81b43e4e1e3610cf1eb2a055f9fa64f6022b361ebd2037073cfad98ab1b
                                          • Instruction ID: 3ff7e3399534a4504c910fd9469f9ae48bfcbb400350444173b92d6284d97304
                                          • Opcode Fuzzy Hash: 64d1a81b43e4e1e3610cf1eb2a055f9fa64f6022b361ebd2037073cfad98ab1b
                                          • Instruction Fuzzy Hash: 7E017C25F2052A5BFFA4236EEC9076F644FD7C57A0F20043AF20AD7395D959CC8203A2
                                          Function 06D63D78 Relevance: .1, Instructions: 59COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4c0ec69f0094fc9e5e2bfcebdba535713e4da015c1dfa5dc8a97ef935990e9f0
                                          • Instruction ID: 8f5e9c321ce81546581ebe9c7f5c61fe4e5390451e14266d9676e5006c9f42b6
                                          • Opcode Fuzzy Hash: 4c0ec69f0094fc9e5e2bfcebdba535713e4da015c1dfa5dc8a97ef935990e9f0
                                          • Instruction Fuzzy Hash: 3111AD35B201294BDB54EA7AD8146AF73FAEBC9210B119539E406E7384EE74DC028BE1
                                          Function 06D6EF20 Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b75edd7996c3402533574da06ce636bea880eab1b58a3569634014f54aa49029
                                          • Instruction ID: 6d3341df9addef03ad74e4266ed305b2fbf66934bac70ce94e9b2b72e661ff38
                                          • Opcode Fuzzy Hash: b75edd7996c3402533574da06ce636bea880eab1b58a3569634014f54aa49029
                                          • Instruction Fuzzy Hash: 41017B34B142150BDB21923E985076F7BE6DBCA720F10843EF14ACB341EE21DC038381
                                          Function 06D63FAF Relevance: .1, Instructions: 55COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fb32440daa53a83d9a0010eb2af561b75543d9ee27d4f34681045272f39eb0ba
                                          • Instruction ID: cf25a139bddb4d8bf2a85b170707c192ecf42383006249e2e2eabc9511fd0a62
                                          • Opcode Fuzzy Hash: fb32440daa53a83d9a0010eb2af561b75543d9ee27d4f34681045272f39eb0ba
                                          • Instruction Fuzzy Hash: 8601D435B105254FDB64966E986176FA7D6DBC9320F14C83EF14AC7341DE25CC034351
                                          Function 06D63218 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ad593db49798df58c1113c4fdd0a52b4de6634cfa20d4b4f9eef8561f4106a05
                                          • Instruction ID: ae68e65cfd4b1034757c13b1134b9d246839199542643472f299834cb3245bbf
                                          • Opcode Fuzzy Hash: ad593db49798df58c1113c4fdd0a52b4de6634cfa20d4b4f9eef8561f4106a05
                                          • Instruction Fuzzy Hash: C5016171E002299FCB64DBBAD8505DEF7B5EB8D310F11956AE506E7200EA31D945CBD0
                                          Function 0105D207 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4613903752.000000000105D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0105D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_105d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7446d2c010be365be41eb5dc0cb1b2bfcd5ded7fd4e3a0164d9a4b9e20566540
                                          • Instruction ID: 9af819ff686ece0d798ef2464176801472b1d1d28e3317c59631fbd7bdfa5955
                                          • Opcode Fuzzy Hash: 7446d2c010be365be41eb5dc0cb1b2bfcd5ded7fd4e3a0164d9a4b9e20566540
                                          • Instruction Fuzzy Hash: 6D11EF76504284CFDB42CF54D5C4B16FFA2FB84324F24C6AADC894B646C33AD40ACBA2
                                          Function 0105D3B7 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4613903752.000000000105D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0105D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_105d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                          • Instruction ID: 344d805f0818e6083a3fe02b9b860c2e90ddaa78d2e1c543b2e73533f4aac0d8
                                          • Opcode Fuzzy Hash: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                          • Instruction Fuzzy Hash: F111BB75504280CFCB42CF54D5C4B56BFA2FB84214F24C6AADC894B256C33AE40ACFA1
                                          Function 06D63A30 Relevance: .1, Instructions: 52COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a298f23ed46724e70f157fdfbf7f9b81e7d65480bb31156af52aa32652f308fa
                                          • Instruction ID: 79ccfef950594e6bd0bf1e2c8a8fc62c64ce289d23594e069a7b8218ee51a8f2
                                          • Opcode Fuzzy Hash: a298f23ed46724e70f157fdfbf7f9b81e7d65480bb31156af52aa32652f308fa
                                          • Instruction Fuzzy Hash: DD21CFB5D01259EFDB00CF9AD984ADEFBB4BB48224F10812AE518B7640D378A954CBA5
                                          Function 06D63A38 Relevance: .1, Instructions: 52COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ee7eeca6ad1f7cd108517f1981e008d25b7c1a97f38dc6f8950ce6454752af63
                                          • Instruction ID: ce892d99e81b941d131242556754dc671e37f8b0dc5ec0eb2bde6d0cceb5eb80
                                          • Opcode Fuzzy Hash: ee7eeca6ad1f7cd108517f1981e008d25b7c1a97f38dc6f8950ce6454752af63
                                          • Instruction Fuzzy Hash: 9A11B2B5D01259EFDB00CF9AD984ADEFBB4FB48724F10812AE918A7340C374A954CFA5
                                          Function 0105D127 Relevance: .1, Instructions: 52COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4613903752.000000000105D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0105D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_105d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 571ae3314b5eab4f3956dd8972c21c0340599e146b22899774add593c253268d
                                          • Instruction ID: 926f9b790b8e06901971275b29bd937dbc55f53efce84d05a78f7ac9f241c7be
                                          • Opcode Fuzzy Hash: 571ae3314b5eab4f3956dd8972c21c0340599e146b22899774add593c253268d
                                          • Instruction Fuzzy Hash: 3611DD75504280DFCB42CF18C9C0B16BFA2FB84318F24C6AEDC494B662C33AD84ACB61
                                          Function 06D63FC0 Relevance: .1, Instructions: 51COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 68f619149867ec407624441ac32e31e1d5e3081df541ed7fc5a4a17a9643c664
                                          • Instruction ID: 8b6c47f4adffe2c6f504466b3df709f11a87253d346cf746a59799eb501d2024
                                          • Opcode Fuzzy Hash: 68f619149867ec407624441ac32e31e1d5e3081df541ed7fc5a4a17a9643c664
                                          • Instruction Fuzzy Hash: F0018C35B101254BEB6496AE946472BB7DADBC9760F20C83EF50AC7344EE76DC038391
                                          Function 06D63D67 Relevance: .1, Instructions: 51COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 38fdf01457b2f661b70dbfa8e5c6e87b27ed31b303b8cc935f40ca96f427d84a
                                          • Instruction ID: 933d455d0e1871d4f9c3dcd23065994ef47c1bc302ae70ce6a489bf19c4f39e9
                                          • Opcode Fuzzy Hash: 38fdf01457b2f661b70dbfa8e5c6e87b27ed31b303b8cc935f40ca96f427d84a
                                          • Instruction Fuzzy Hash: 59018F36B200660BDB94A67AD8547FF77B6DBC9210F114575E406D3384EE24CD038BD0
                                          Function 06D6EF30 Relevance: .0, Instructions: 49COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 466571af231db31668c19cf478884665b9c00e3a0a6db8f3eed3d9fe72499881
                                          • Instruction ID: ed77aab4d64c8b935d03e618d4658623b75c101662a243166cd35fcd75139353
                                          • Opcode Fuzzy Hash: 466571af231db31668c19cf478884665b9c00e3a0a6db8f3eed3d9fe72499881
                                          • Instruction Fuzzy Hash: 1001AF39B205254BDB64966EA49076F77D6DBC9720F108839F10ACB344EE21DC038381
                                          Function 06D6A493 Relevance: .0, Instructions: 49COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3d5b63fb619a4abba94763f22586c9a71c8e6ed3fd06f44951445e2e04d4d078
                                          • Instruction ID: 0ae86127583df2726f2b6a593e66bf0746ba2fc404adca548c64642f77df15a4
                                          • Opcode Fuzzy Hash: 3d5b63fb619a4abba94763f22586c9a71c8e6ed3fd06f44951445e2e04d4d078
                                          • Instruction Fuzzy Hash: B201A230B101254BD764DA6ED864B6E73E5E78A720F148538F14EDB380EF21EC0287C0
                                          Function 062B0674 Relevance: .0, Instructions: 47COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0a0de74da5b575fd188c9af19b4e3ab178cedea0f6affb81c9edabe05f8c12b4
                                          • Instruction ID: c27bf907aba65efda98b6060511bda6fa2f4899df48d2eda3db8255c71c092e7
                                          • Opcode Fuzzy Hash: 0a0de74da5b575fd188c9af19b4e3ab178cedea0f6affb81c9edabe05f8c12b4
                                          • Instruction Fuzzy Hash: 4901D234625320CFE3649B29946C5A3BBA5FB86780B00990DE807C2F40C7B1EC21CB84
                                          Function 06D6A4A0 Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3d67856375393768649289a47dc28657eeb1c26d56fae91bd2399affbc0f1be7
                                          • Instruction ID: 9dfede9c1f9abf965b7de75e8b70d408fbce614aa6946ecb6563298781382bef
                                          • Opcode Fuzzy Hash: 3d67856375393768649289a47dc28657eeb1c26d56fae91bd2399affbc0f1be7
                                          • Instruction Fuzzy Hash: 57013134B105254BDB64D66ED964B6E73D6E78A720F148539F14EDB344EE61EC0287C0
                                          Function 062B17A1 Relevance: .0, Instructions: 45COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1b2b6105a015c4ca1db4143b02178494a1decaed0d0573ff181e6a4de287df4a
                                          • Instruction ID: 3ef4a30d93937813cf40bc231ddde48bdb4a5d1fd662f1930c6e7c82447b60d5
                                          • Opcode Fuzzy Hash: 1b2b6105a015c4ca1db4143b02178494a1decaed0d0573ff181e6a4de287df4a
                                          • Instruction Fuzzy Hash: 691122B5C00249CFDB20CF9AC488BDEFBF4EB48324F24841AD959A7200C374A554CFA0
                                          Function 0104D8C5 Relevance: .0, Instructions: 45COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4613623144.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_104d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 28ab9a3c192bb3c92bc85978ff176a3ad24180cc89908130076eeef2a35b2415
                                          • Instruction ID: 9f42e8c97e7dfaa297e190e25da6b7b3a70f15752ee29576e5fe008dfcb33b3d
                                          • Opcode Fuzzy Hash: 28ab9a3c192bb3c92bc85978ff176a3ad24180cc89908130076eeef2a35b2415
                                          • Instruction Fuzzy Hash: 8301F7B5004344ABF7518A5ACDC4B6BBFD8EF51324F18C4AEEE888A182C238D841CB71
                                          Function 062B17A8 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 748717c46533d603eb5460e5afd629d2f03a4a084f0d51ae64cc05ad7e901c0b
                                          • Instruction ID: 83fe13d32cd8417a017310132d52cef5fdd0cbf9183ae67879747406fc6bd182
                                          • Opcode Fuzzy Hash: 748717c46533d603eb5460e5afd629d2f03a4a084f0d51ae64cc05ad7e901c0b
                                          • Instruction Fuzzy Hash: 411100B5800249CFDB20DF9AC488BDEFBF4EB48364F20841AD958A7200C378A944CFA5
                                          Function 062B1421 Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7289f1e989b5e41ca205cc9e231144cf7c67ab9b126f9acfe3bdb0e1fa950627
                                          • Instruction ID: 47f40cca7bf300186cdcccea5d658ee1b9125368b20067fd6fe60c7b211b1935
                                          • Opcode Fuzzy Hash: 7289f1e989b5e41ca205cc9e231144cf7c67ab9b126f9acfe3bdb0e1fa950627
                                          • Instruction Fuzzy Hash: DC018FB2E193949FCB668B64880448ABFF5EF46300B0A45DBD581CB252D630AA18CBA1
                                          Function 062B2390 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 97abbf2d066db8110364b03808e0cb01d90d2c28207b4a1f418114506fc076d6
                                          • Instruction ID: 8544938a27af2283d5eac1791a1590de14b1dadf14a5dcd922be04e6390e6c47
                                          • Opcode Fuzzy Hash: 97abbf2d066db8110364b03808e0cb01d90d2c28207b4a1f418114506fc076d6
                                          • Instruction Fuzzy Hash: 3AF0B4727042441FD3158A6A98409A6BFEDEFDA61071540AFE184D7361C5705C058260
                                          Function 0104D8C4 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4613623144.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_104d000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 467da2073cc9a7934f3c865f86d679e88d02407c50cf7bc15860f4499637ccb2
                                          • Instruction ID: ec4ef9b9bbd0a86d44ccd6317a418db1c6af4beea3cc9fa4824969295972ebe1
                                          • Opcode Fuzzy Hash: 467da2073cc9a7934f3c865f86d679e88d02407c50cf7bc15860f4499637ccb2
                                          • Instruction Fuzzy Hash: 39F0C275004344ABEB508E1AD8C4B62FFD8EB51734F18C49AED884B286C2789840CB71
                                          Function 062B26B0 Relevance: .0, Instructions: 34COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b8897ae308bd3edfb699fb9f1b17ed955ec35157bd7e9f0bf02e86e763d56f1d
                                          • Instruction ID: ad30f8ac874db20dcf394e61200c5ab9bed9b3775482d9c1e5e8d23227589490
                                          • Opcode Fuzzy Hash: b8897ae308bd3edfb699fb9f1b17ed955ec35157bd7e9f0bf02e86e763d56f1d
                                          • Instruction Fuzzy Hash: C5F04FB4D1030ADFDB94DFA8C846AEEBBF4FB08300F108959D910E7240E7709605CB91
                                          Function 062B22FD Relevance: .0, Instructions: 34COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 18a96d034bc884b280c524967851c53abd1eb4190e5fc0c99d043bc9ca5ad408
                                          • Instruction ID: cb51040685427416e05851352043e72c5059ff13f77ef13a30a1b5a68ff35974
                                          • Opcode Fuzzy Hash: 18a96d034bc884b280c524967851c53abd1eb4190e5fc0c99d043bc9ca5ad408
                                          • Instruction Fuzzy Hash: 8001E871C11319DFDB65CF69C9443EE7AF1FF48390F149629E824AA2A0D3748A45CB90
                                          Function 062B2300 Relevance: .0, Instructions: 34COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7b1f8811c6372513f57f9b39456c5fcbd1bd931cc262e444b9dce948d6f2a51c
                                          • Instruction ID: 97a1f91727a5c8b85d41ea69b8932e823bc0e4620d25a0c9b450892199bce589
                                          • Opcode Fuzzy Hash: 7b1f8811c6372513f57f9b39456c5fcbd1bd931cc262e444b9dce948d6f2a51c
                                          • Instruction Fuzzy Hash: 8601E870C11319DFDB65DF6AC8443EEBAF5FF48390F149625E824AA2A0D7744A44CB90
                                          Function 062B23A0 Relevance: .0, Instructions: 30COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a9eb089bdce6e24ec96f2ee39bf2bfb147aba33bd56bb7168ebe3c572a24616e
                                          • Instruction ID: aa409247f97ee2ac925a06db0b775da2c3e394f11c449b4af2fad9d7909f6c66
                                          • Opcode Fuzzy Hash: a9eb089bdce6e24ec96f2ee39bf2bfb147aba33bd56bb7168ebe3c572a24616e
                                          • Instruction Fuzzy Hash: 3BE092717002186FD3049A5EDC80E6BFBEEFFD9A20B21807AF504D7360CAB0AC0186A4
                                          Function 06D66600 Relevance: .0, Instructions: 30COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a796d03d70fedbb7ba078bc104a56d30d8fbb999253839a4451cefc74c169d3e
                                          • Instruction ID: 523cbe0db73c08c91b716dadfc131c564d8c5ea8c095cd2427928d4ce7d51a05
                                          • Opcode Fuzzy Hash: a796d03d70fedbb7ba078bc104a56d30d8fbb999253839a4451cefc74c169d3e
                                          • Instruction Fuzzy Hash: 20E0DF71E1010C6BDF10DEB1DE4672A76BCE740308F20C8E1E80ACB200E136CD429782
                                          Function 062B26C0 Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 23de8c2b5c812027b997a2f9625b4d689259c7546b84c883e547612105d0b763
                                          • Instruction ID: ef503b4bd30d2d99be953c01ecb071f12a6381792e09adc6b5ce7020bbee9385
                                          • Opcode Fuzzy Hash: 23de8c2b5c812027b997a2f9625b4d689259c7546b84c883e547612105d0b763
                                          • Instruction Fuzzy Hash: E2F03AB0D1030ADFDB44DFA9D845ABEBBF4EB08340F1085A9D918E7240E7B48601CF91
                                          Function 062B23E0 Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6518dac91621090c1f330449978fddef28ee80f94f6330c430ae1ac17e3c5dad
                                          • Instruction ID: fe1a428c302db5b62c42e9f3479acbf3b423fb8098cc1a398c666fa7e6fc1a61
                                          • Opcode Fuzzy Hash: 6518dac91621090c1f330449978fddef28ee80f94f6330c430ae1ac17e3c5dad
                                          • Instruction Fuzzy Hash: 4CE06D777492406FC3558A1AE894D86FFA5EFAA22071680ABF549C7362C6709D02C621
                                          Function 062B1448 Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e95c51b202b797116a3f42d198af110ba8419ea8a7e189839acc42cb6850d870
                                          • Instruction ID: a78433a0eb80869dc046562b3f7b7343fce65e6fb0db4b98278da2c61c330200
                                          • Opcode Fuzzy Hash: e95c51b202b797116a3f42d198af110ba8419ea8a7e189839acc42cb6850d870
                                          • Instruction Fuzzy Hash: 1CF03075E10714EF8F34CFA9D80449ABBF9FF49750B00856AE955D3600D771E914CB90
                                          Function 062B2659 Relevance: .0, Instructions: 24COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5815b6b3a2963e968a9c6600aa9fc05200b2d7ef1648d590771ffda677af61c1
                                          • Instruction ID: e7bc7582bb8e1b8fbc8d0865b8059b2753d83070bdec431c0afd9a9a9087b562
                                          • Opcode Fuzzy Hash: 5815b6b3a2963e968a9c6600aa9fc05200b2d7ef1648d590771ffda677af61c1
                                          • Instruction Fuzzy Hash: 97F01C70C60709DFDB60EF79C50566ABFF4BF09300F508569D855E3218E77065148F81
                                          Function 062B23F0 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4b461c4a58c4ff98c31cc7766e526d97aa0f60a709721f07d6d3078e778daf80
                                          • Instruction ID: 7536c3f46a0bad8fd25ba539ed177b0977b5ab087a1abd53e47d5b2652dab0ee
                                          • Opcode Fuzzy Hash: 4b461c4a58c4ff98c31cc7766e526d97aa0f60a709721f07d6d3078e778daf80
                                          • Instruction Fuzzy Hash: 56E0E6363446145FC3149A4EEC88D46F7DDEFCD675B558066FA0DC7361CA71AC01C664
                                          Function 06D66610 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4644642644.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6d60000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 520d85d93fd9033e7645260492238196ce4a870d39a999344e05aa211653059a
                                          • Instruction ID: 486d2b3bd959acdde5ace76949e8bb3535ab503c7b8efcbedc3b69a9a38dd947
                                          • Opcode Fuzzy Hash: 520d85d93fd9033e7645260492238196ce4a870d39a999344e05aa211653059a
                                          • Instruction Fuzzy Hash: C4E0C270E1014CABDF50CFF5DA4575AB7BDDB01208F2088E4E409C7200E137CA028781
                                          Function 062B2750 Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 58f362e9f3076d1829cd8074f3e259b0bd07f7e3f69d585493c4a1149d2e90ac
                                          • Instruction ID: 58efda139648479032051b57cd060a5cfcd49567688b3af14458bcc07f206907
                                          • Opcode Fuzzy Hash: 58f362e9f3076d1829cd8074f3e259b0bd07f7e3f69d585493c4a1149d2e90ac
                                          • Instruction Fuzzy Hash: 18E0C2330192849FC782D760DD80C923FA5AB262407094497E484CA032E220C2AED751
                                          Function 062B2668 Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5cb531abc58bb582a490e4c2f193dd38be947da66c8810e9372afc2d8752370f
                                          • Instruction ID: fa8c52abf555987b3b5310a391a3e83f8610121cac3d1d5bb5d7a4894cfaa823
                                          • Opcode Fuzzy Hash: 5cb531abc58bb582a490e4c2f193dd38be947da66c8810e9372afc2d8752370f
                                          • Instruction Fuzzy Hash: D3E092B0D5020ADFD780EFA9C945AAEBBF0AF08704F1185A9D419E7221EBB496058F91
                                          Function 062B11D0 Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4639756279.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_62b0000_2024.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 353b5f2589accab24a4c40f7f1c6ea8b02ce749e867d8f8b8a6345372aa68077
                                          • Instruction ID: dbd812725b7c14d222bac979c8a2037649ba8ce463dc313f390404852ece6e85
                                          • Opcode Fuzzy Hash: 353b5f2589accab24a4c40f7f1c6ea8b02ce749e867d8f8b8a6345372aa68077
                                          • Instruction Fuzzy Hash: 9EB09B3171517513D945719D64145EE728E87C56A0F000177991D877418DD55D4102D9

                                          Non-executed Functions

                                          Function 06DD8D59 Relevance: 4.6, APIs: 3, Instructions: 86keyboardCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetKeyState.USER32(00000010), ref: 06DD8DB5
                                          • GetKeyState.USER32(00000011), ref: 06DD8DFA
                                          • GetKeyState.USER32(00000012), ref: 06DD8E3F
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4645120983.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6dd0000_2024.jbxd
                                          Similarity
                                          • API ID: State
                                          • String ID:
                                          • API String ID: 1649606143-0
                                          • Opcode ID: 1aa785002b3a2d79e66db453c4d127a8dc05fb186181bb8b4b1590b79ba77537
                                          • Instruction ID: f6d85b9cae67dde1a2c10df58df2d5a3af86adae1169d058bf3c224820c545dd
                                          • Opcode Fuzzy Hash: 1aa785002b3a2d79e66db453c4d127a8dc05fb186181bb8b4b1590b79ba77537
                                          • Instruction Fuzzy Hash: 7631AF708007998EEB22DF5AD9487EFBFF4AB44718F20844AD149A7641C3799589CFE2
                                          Function 06DD8D68 Relevance: 4.6, APIs: 3, Instructions: 76keyboardCOMMON
                                          Download Yara Rule
                                          APIs
                                          • GetKeyState.USER32(00000010), ref: 06DD8DB5
                                          • GetKeyState.USER32(00000011), ref: 06DD8DFA
                                          • GetKeyState.USER32(00000012), ref: 06DD8E3F
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4645120983.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_6dd0000_2024.jbxd
                                          Similarity
                                          • API ID: State
                                          • String ID:
                                          • API String ID: 1649606143-0
                                          • Opcode ID: c7e6bf385d1bbde549d8c2f5198ca0344682a17f82c371baf36bcbafb8af2889
                                          • Instruction ID: cb444aa446c42b85eead85e2a0ae1bd4502ece3cb95d261e9f274c22a5722ffc
                                          • Opcode Fuzzy Hash: c7e6bf385d1bbde549d8c2f5198ca0344682a17f82c371baf36bcbafb8af2889
                                          • Instruction Fuzzy Hash: 9A318971C007998EEB21DF9AC9487EFBFF4AB48718F208449D159A7240C3B99589CFA1

                                          Execution Graph

                                          Execution Coverage:9.5%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:201
                                          Total number of Limit Nodes:9
                                          execution_graph 32727 16b4668 32728 16b467a 32727->32728 32729 16b4686 32728->32729 32731 16b4779 32728->32731 32732 16b479d 32731->32732 32736 16b4878 32732->32736 32740 16b4888 32732->32740 32738 16b48af 32736->32738 32737 16b498c 32737->32737 32738->32737 32744 16b44b0 32738->32744 32741 16b48af 32740->32741 32742 16b44b0 CreateActCtxA 32741->32742 32743 16b498c 32741->32743 32742->32743 32745 16b5918 CreateActCtxA 32744->32745 32747 16b59db 32745->32747 32747->32747 32988 d253390 32989 d25351b 32988->32989 32990 d2533b6 32988->32990 32990->32989 32992 d2514f0 32990->32992 32993 d253610 PostMessageW 32992->32993 32994 d25367c 32993->32994 32994->32990 32748 d250b22 32749 d250b28 32748->32749 32750 d250b1b 32748->32750 32754 d25208e 32749->32754 32771 d252028 32749->32771 32751 d250ee3 32755 d25201c 32754->32755 32757 d252091 32754->32757 32787 d252db6 32755->32787 32792 d252beb 32755->32792 32797 d252968 32755->32797 32802 d25298e 32755->32802 32807 d25262d 32755->32807 32811 d25270d 32755->32811 32816 d252b02 32755->32816 32820 d252ac7 32755->32820 32824 d252b44 32755->32824 32828 d252604 32755->32828 32833 d252725 32755->32833 32838 d25249a 32755->32838 32843 d252a5c 32755->32843 32756 d25204a 32756->32751 32772 d252042 32771->32772 32774 d252725 2 API calls 32772->32774 32775 d252604 2 API calls 32772->32775 32776 d252b44 2 API calls 32772->32776 32777 d252ac7 2 API calls 32772->32777 32778 d252b02 2 API calls 32772->32778 32779 d25270d 2 API calls 32772->32779 32780 d25262d 2 API calls 32772->32780 32781 d25298e 2 API calls 32772->32781 32782 d252968 2 API calls 32772->32782 32783 d252beb 2 API calls 32772->32783 32784 d252db6 2 API calls 32772->32784 32785 d252a5c 2 API calls 32772->32785 32786 d25249a 2 API calls 32772->32786 32773 d25204a 32773->32751 32774->32773 32775->32773 32776->32773 32777->32773 32778->32773 32779->32773 32780->32773 32781->32773 32782->32773 32783->32773 32784->32773 32785->32773 32786->32773 32788 d252dbc 32787->32788 32848 d250210 32788->32848 32852 d250218 32788->32852 32789 d252e61 32793 d252c14 32792->32793 32856 d250460 32793->32856 32860 d250458 32793->32860 32794 d252c38 32798 d252bfd 32797->32798 32800 d250460 WriteProcessMemory 32798->32800 32801 d250458 WriteProcessMemory 32798->32801 32799 d252c38 32800->32799 32801->32799 32803 d252687 32802->32803 32804 d252b8a 32803->32804 32805 d250460 WriteProcessMemory 32803->32805 32806 d250458 WriteProcessMemory 32803->32806 32804->32756 32805->32803 32806->32803 32809 d250460 WriteProcessMemory 32807->32809 32810 d250458 WriteProcessMemory 32807->32810 32808 d252599 32809->32808 32810->32808 32812 d2529e3 32811->32812 32864 d2503a0 32812->32864 32868 d250399 32812->32868 32813 d252a01 32872 d250550 32816->32872 32876 d250548 32816->32876 32817 d252b24 32880 d2502c1 32820->32880 32884 d2502c8 32820->32884 32821 d252ae3 32826 d2502c1 Wow64SetThreadContext 32824->32826 32827 d2502c8 Wow64SetThreadContext 32824->32827 32825 d2526a9 32825->32756 32826->32825 32827->32825 32829 d252627 32828->32829 32830 d252b8a 32829->32830 32831 d250460 WriteProcessMemory 32829->32831 32832 d250458 WriteProcessMemory 32829->32832 32830->32756 32831->32829 32832->32829 32834 d252743 32833->32834 32836 d250210 ResumeThread 32834->32836 32837 d250218 ResumeThread 32834->32837 32835 d252e61 32836->32835 32837->32835 32839 d2524d0 32838->32839 32888 d2506dc 32839->32888 32892 d2506e8 32839->32892 32844 d252a62 32843->32844 32846 d250210 ResumeThread 32844->32846 32847 d250218 ResumeThread 32844->32847 32845 d252e61 32846->32845 32847->32845 32849 d250218 ResumeThread 32848->32849 32851 d250289 32849->32851 32851->32789 32853 d250258 ResumeThread 32852->32853 32855 d250289 32853->32855 32855->32789 32857 d2504a8 WriteProcessMemory 32856->32857 32859 d2504ff 32857->32859 32859->32794 32861 d250460 WriteProcessMemory 32860->32861 32863 d2504ff 32861->32863 32863->32794 32865 d2503e0 VirtualAllocEx 32864->32865 32867 d25041d 32865->32867 32867->32813 32869 d2503a0 VirtualAllocEx 32868->32869 32871 d25041d 32869->32871 32871->32813 32873 d25059b ReadProcessMemory 32872->32873 32875 d2505df 32873->32875 32875->32817 32877 d250550 ReadProcessMemory 32876->32877 32879 d2505df 32877->32879 32879->32817 32881 d2502c8 Wow64SetThreadContext 32880->32881 32883 d250355 32881->32883 32883->32821 32885 d25030d Wow64SetThreadContext 32884->32885 32887 d250355 32885->32887 32887->32821 32889 d250771 CreateProcessA 32888->32889 32891 d250933 32889->32891 32891->32891 32893 d250771 CreateProcessA 32892->32893 32895 d250933 32893->32895 32895->32895 32934 16bacb0 32935 16bacbf 32934->32935 32938 16bada8 32934->32938 32946 16bad97 32934->32946 32939 16badb9 32938->32939 32940 16baddc 32938->32940 32939->32940 32954 16bb040 32939->32954 32958 16bb030 32939->32958 32940->32935 32941 16badd4 32941->32940 32942 16bafe0 GetModuleHandleW 32941->32942 32943 16bb00d 32942->32943 32943->32935 32947 16badb9 32946->32947 32948 16baddc 32946->32948 32947->32948 32952 16bb040 LoadLibraryExW 32947->32952 32953 16bb030 LoadLibraryExW 32947->32953 32948->32935 32949 16badd4 32949->32948 32950 16bafe0 GetModuleHandleW 32949->32950 32951 16bb00d 32950->32951 32951->32935 32952->32949 32953->32949 32955 16bb054 32954->32955 32956 16bb079 32955->32956 32962 16ba130 32955->32962 32956->32941 32959 16bb054 32958->32959 32960 16ba130 LoadLibraryExW 32959->32960 32961 16bb079 32959->32961 32960->32961 32961->32941 32963 16bb220 LoadLibraryExW 32962->32963 32965 16bb299 32963->32965 32965->32956 32974 16bd040 32975 16bd086 32974->32975 32979 16bd628 32975->32979 32982 16bd618 32975->32982 32976 16bd173 32985 16bd27c 32979->32985 32983 16bd27c DuplicateHandle 32982->32983 32984 16bd656 32982->32984 32983->32984 32984->32976 32986 16bd690 DuplicateHandle 32985->32986 32987 16bd656 32986->32987 32987->32976 32966 d255338 32967 d255346 32966->32967 32970 d255365 32966->32970 32971 d254f38 32967->32971 32972 d2554b0 FindCloseChangeNotification 32971->32972 32973 d255361 32972->32973 32896 153d01c 32897 153d034 32896->32897 32898 153d08e 32897->32898 32901 5502818 32897->32901 32906 5502809 32897->32906 32902 5502845 32901->32902 32903 5502877 32902->32903 32911 5502990 32902->32911 32915 55029a0 32902->32915 32908 5502845 32906->32908 32907 5502877 32908->32907 32909 5502990 2 API calls 32908->32909 32910 55029a0 2 API calls 32908->32910 32909->32907 32910->32907 32912 55029b4 32911->32912 32919 5502a58 32912->32919 32913 5502a40 32913->32903 32916 55029b4 32915->32916 32918 5502a58 2 API calls 32916->32918 32917 5502a40 32917->32903 32918->32917 32921 5502a69 32919->32921 32922 5504012 32919->32922 32921->32913 32926 5504040 32922->32926 32930 5504030 32922->32930 32923 550402a 32923->32921 32927 5504082 32926->32927 32929 5504089 32926->32929 32928 55040da CallWindowProcW 32927->32928 32927->32929 32928->32929 32929->32923 32931 5504082 32930->32931 32933 5504089 32930->32933 32932 55040da CallWindowProcW 32931->32932 32931->32933 32932->32933 32933->32923

                                          Executed Functions

                                          Function 0D2506DC Relevance: 1.7, APIs: 1, Instructions: 246processCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 0 d2506dc-d25077d 2 d2507b6-d2507d6 0->2 3 d25077f-d250789 0->3 10 d25080f-d25083e 2->10 11 d2507d8-d2507e2 2->11 3->2 4 d25078b-d25078d 3->4 5 d2507b0-d2507b3 4->5 6 d25078f-d250799 4->6 5->2 8 d25079d-d2507ac 6->8 9 d25079b 6->9 8->8 12 d2507ae 8->12 9->8 17 d250877-d250931 CreateProcessA 10->17 18 d250840-d25084a 10->18 11->10 13 d2507e4-d2507e6 11->13 12->5 15 d250809-d25080c 13->15 16 d2507e8-d2507f2 13->16 15->10 19 d2507f4 16->19 20 d2507f6-d250805 16->20 31 d250933-d250939 17->31 32 d25093a-d2509c0 17->32 18->17 21 d25084c-d25084e 18->21 19->20 20->20 22 d250807 20->22 23 d250871-d250874 21->23 24 d250850-d25085a 21->24 22->15 23->17 26 d25085c 24->26 27 d25085e-d25086d 24->27 26->27 27->27 28 d25086f 27->28 28->23 31->32 42 d2509d0-d2509d4 32->42 43 d2509c2-d2509c6 32->43 45 d2509e4-d2509e8 42->45 46 d2509d6-d2509da 42->46 43->42 44 d2509c8 43->44 44->42 48 d2509f8-d2509fc 45->48 49 d2509ea-d2509ee 45->49 46->45 47 d2509dc 46->47 47->45 51 d250a0e-d250a15 48->51 52 d2509fe-d250a04 48->52 49->48 50 d2509f0 49->50 50->48 53 d250a17-d250a26 51->53 54 d250a2c 51->54 52->51 53->54 56 d250a2d 54->56 56->56
                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0D25091E
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2295271913.000000000D250000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D250000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_d250000_Logon32.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: ee0e072af786b9e8aa829abe4fb111202228ac17ecd4066ab8d429743c1398f2
                                          • Instruction ID: b64fd5699f1a897c5986cb98ee5baa77af9c59aceaacb43da414728a11c5b87b
                                          • Opcode Fuzzy Hash: ee0e072af786b9e8aa829abe4fb111202228ac17ecd4066ab8d429743c1398f2
                                          • Instruction Fuzzy Hash: 4AA17D71D1021ACFEB10CF68CD81BEEBBB2BF49310F1481AAE859A7244D7749985CF91
                                          Function 0D2506E8 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 57 d2506e8-d25077d 59 d2507b6-d2507d6 57->59 60 d25077f-d250789 57->60 67 d25080f-d25083e 59->67 68 d2507d8-d2507e2 59->68 60->59 61 d25078b-d25078d 60->61 62 d2507b0-d2507b3 61->62 63 d25078f-d250799 61->63 62->59 65 d25079d-d2507ac 63->65 66 d25079b 63->66 65->65 69 d2507ae 65->69 66->65 74 d250877-d250931 CreateProcessA 67->74 75 d250840-d25084a 67->75 68->67 70 d2507e4-d2507e6 68->70 69->62 72 d250809-d25080c 70->72 73 d2507e8-d2507f2 70->73 72->67 76 d2507f4 73->76 77 d2507f6-d250805 73->77 88 d250933-d250939 74->88 89 d25093a-d2509c0 74->89 75->74 78 d25084c-d25084e 75->78 76->77 77->77 79 d250807 77->79 80 d250871-d250874 78->80 81 d250850-d25085a 78->81 79->72 80->74 83 d25085c 81->83 84 d25085e-d25086d 81->84 83->84 84->84 85 d25086f 84->85 85->80 88->89 99 d2509d0-d2509d4 89->99 100 d2509c2-d2509c6 89->100 102 d2509e4-d2509e8 99->102 103 d2509d6-d2509da 99->103 100->99 101 d2509c8 100->101 101->99 105 d2509f8-d2509fc 102->105 106 d2509ea-d2509ee 102->106 103->102 104 d2509dc 103->104 104->102 108 d250a0e-d250a15 105->108 109 d2509fe-d250a04 105->109 106->105 107 d2509f0 106->107 107->105 110 d250a17-d250a26 108->110 111 d250a2c 108->111 109->108 110->111 113 d250a2d 111->113 113->113
                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0D25091E
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2295271913.000000000D250000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D250000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_d250000_Logon32.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: 8b0bda0b31eb895bb5dbaf81e9639ed85d64ef912239f97826af3542bba36c37
                                          • Instruction ID: 9ba76d549759061a6e3dd96cc51f6c3b5b59020538e7b1294d6d95a61dd58330
                                          • Opcode Fuzzy Hash: 8b0bda0b31eb895bb5dbaf81e9639ed85d64ef912239f97826af3542bba36c37
                                          • Instruction Fuzzy Hash: D0916C71D1021ADFEB14CF68CD81BEEBBB2BF49310F1481A9E819A7244DB749985CF91
                                          Function 016BADA8 Relevance: 1.7, APIs: 1, Instructions: 197COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 114 16bada8-16badb7 115 16badb9-16badc6 call 16ba0cc 114->115 116 16bade3-16bade7 114->116 122 16badc8 115->122 123 16baddc 115->123 118 16badfb-16bae3c 116->118 119 16bade9-16badf3 116->119 125 16bae49-16bae57 118->125 126 16bae3e-16bae46 118->126 119->118 169 16badce call 16bb040 122->169 170 16badce call 16bb030 122->170 123->116 127 16bae7b-16bae7d 125->127 128 16bae59-16bae5e 125->128 126->125 133 16bae80-16bae87 127->133 130 16bae69 128->130 131 16bae60-16bae67 call 16ba0d8 128->131 129 16badd4-16badd6 129->123 132 16baf18-16bafd8 129->132 135 16bae6b-16bae79 130->135 131->135 164 16bafda-16bafdd 132->164 165 16bafe0-16bb00b GetModuleHandleW 132->165 136 16bae89-16bae91 133->136 137 16bae94-16bae9b 133->137 135->133 136->137 140 16baea8-16baeaa call 16ba0e8 137->140 141 16bae9d-16baea5 137->141 143 16baeaf-16baeb1 140->143 141->140 145 16baebe-16baec3 143->145 146 16baeb3-16baebb 143->146 147 16baee1-16baeee 145->147 148 16baec5-16baecc 145->148 146->145 155 16baf11-16baf17 147->155 156 16baef0-16baf0e 147->156 148->147 150 16baece-16baede call 16ba0f8 call 16ba108 148->150 150->147 156->155 164->165 166 16bb00d-16bb013 165->166 167 16bb014-16bb028 165->167 166->167 169->129 170->129
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 016BAFFE
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2289461725.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_16b0000_Logon32.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: 72b8652dd758776df47cfa796d0eaeeecefebede0507c5de88dea10b770368d7
                                          • Instruction ID: 7633525b6d2f7e23824dba7449cb8d110407c81508aaaabdd06eed93e1cbf6cb
                                          • Opcode Fuzzy Hash: 72b8652dd758776df47cfa796d0eaeeecefebede0507c5de88dea10b770368d7
                                          • Instruction Fuzzy Hash: 47713870A00B058FE724DF69D88479ABBF1FF88204F008A2DD586D7B50D775E88ACB94
                                          Function 016B590D Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 171 16b590d-16b5913 172 16b591c-16b59d9 CreateActCtxA 171->172 174 16b59db-16b59e1 172->174 175 16b59e2-16b5a3c 172->175 174->175 182 16b5a4b-16b5a4f 175->182 183 16b5a3e-16b5a41 175->183 184 16b5a51-16b5a5d 182->184 185 16b5a60 182->185 183->182 184->185 187 16b5a61 185->187 187->187
                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 016B59C9
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2289461725.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_16b0000_Logon32.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: bfec1c4593aa99ae98107b8a2c246636a5749541a4b8e75f51282592227ee991
                                          • Instruction ID: 05b6025388f58d4892b6256c714b24f86b280141cc9157a07139ea86418d9db8
                                          • Opcode Fuzzy Hash: bfec1c4593aa99ae98107b8a2c246636a5749541a4b8e75f51282592227ee991
                                          • Instruction Fuzzy Hash: 8841BF70C0071DCBDB24DFAAC8847DDBBB5BF49304F2081AAD919AB251DB756986CF90
                                          Function 016B44B0 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 188 16b44b0-16b59d9 CreateActCtxA 191 16b59db-16b59e1 188->191 192 16b59e2-16b5a3c 188->192 191->192 199 16b5a4b-16b5a4f 192->199 200 16b5a3e-16b5a41 192->200 201 16b5a51-16b5a5d 199->201 202 16b5a60 199->202 200->199 201->202 204 16b5a61 202->204 204->204
                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 016B59C9
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2289461725.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_16b0000_Logon32.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: 5c69b31c051055c13d6b06db1f20812255c4b3f6fc17053cf77ae54a4a22e90f
                                          • Instruction ID: e60fcce23cf2587c6a9532f89555a0997dffc68eb46dc6dc5dd555b45ed6a6dc
                                          • Opcode Fuzzy Hash: 5c69b31c051055c13d6b06db1f20812255c4b3f6fc17053cf77ae54a4a22e90f
                                          • Instruction Fuzzy Hash: 5941D170C0075DCBDB24DFAAC884BCEBBB5BF49704F20806AD909AB251DB756985CF90
                                          Function 05504040 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 205 5504040-550407c 206 5504082-5504087 205->206 207 550412c-550414c 205->207 208 5504089-55040c0 206->208 209 55040da-5504112 CallWindowProcW 206->209 213 550414f-550415c 207->213 215 55040c2-55040c8 208->215 216 55040c9-55040d8 208->216 211 5504114-550411a 209->211 212 550411b-550412a 209->212 211->212 212->213 215->216 216->213
                                          APIs
                                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 05504101
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2293015348.0000000005500000.00000040.00000800.00020000.00000000.sdmp, Offset: 05500000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_5500000_Logon32.jbxd
                                          Similarity
                                          • API ID: CallProcWindow
                                          • String ID:
                                          • API String ID: 2714655100-0
                                          • Opcode ID: f5e5d5ed10ff1a7d17f2c2ecd60e0ca241180e16b891e362ab20ca7c62546a50
                                          • Instruction ID: 3979f41e0602305cefb69d54c49fb587b60c03dbdfacb6ab4cfb47d786b582c6
                                          • Opcode Fuzzy Hash: f5e5d5ed10ff1a7d17f2c2ecd60e0ca241180e16b891e362ab20ca7c62546a50
                                          • Instruction Fuzzy Hash: 254107B4A00309CFDB14CF99C888AAAFBF5FB88314F248459D519AB361D775A841CFA0
                                          Function 016BD751 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 219 16bd751-16bd758 220 16bd75a-16bd87e 219->220 221 16bd714-16bd724 DuplicateHandle 219->221 222 16bd72d-16bd74a 221->222 223 16bd726-16bd72c 221->223 223->222
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,016BD656,?,?,?,?,?), ref: 016BD717
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2289461725.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_16b0000_Logon32.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 87df9317a91b16a182748ccd70d4b72d54d48a0b52e4639e99c18b0c7ba5f4a2
                                          • Instruction ID: 61d77dcdcdfc85b7e5d9f5f0ca5296adeaf50e03e5983f59c9e0709feeeccff8
                                          • Opcode Fuzzy Hash: 87df9317a91b16a182748ccd70d4b72d54d48a0b52e4639e99c18b0c7ba5f4a2
                                          • Instruction Fuzzy Hash: B43184B8A803889FEB089F64E4567A9BFAAFB84350F158535ED118B3D4CFB44856CF10
                                          Function 0D250458 Relevance: 1.6, APIs: 1, Instructions: 71injectionCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 237 d250458-d2504ae 240 d2504b0-d2504bc 237->240 241 d2504be-d2504fd WriteProcessMemory 237->241 240->241 243 d250506-d250536 241->243 244 d2504ff-d250505 241->244 244->243
                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0D2504F0
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2295271913.000000000D250000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D250000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_d250000_Logon32.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: cae1c268ea28e99efd05a8c35ce83cb5610111982c6586f372243e41f02720f1
                                          • Instruction ID: 1da7598818f7bf6d3ffdc7ecffebd07d004fac7037b89655f588ed1b6a9f3278
                                          • Opcode Fuzzy Hash: cae1c268ea28e99efd05a8c35ce83cb5610111982c6586f372243e41f02720f1
                                          • Instruction Fuzzy Hash: EC2146759103599FDB10DFAAC981BEEBBF5FF88310F10842AE919A7240C7789944CBA4
                                          Function 0D250460 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 248 d250460-d2504ae 250 d2504b0-d2504bc 248->250 251 d2504be-d2504fd WriteProcessMemory 248->251 250->251 253 d250506-d250536 251->253 254 d2504ff-d250505 251->254 254->253
                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0D2504F0
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2295271913.000000000D250000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D250000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_d250000_Logon32.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: c592f0523188d3cde5d92c91281fa5e81867637f6bee8dccd44b9af64f2a0d26
                                          • Instruction ID: 742a4f78b04fcc2809a7e734db6958c4e59c6857256c9b3ea44e51d19e5da2bc
                                          • Opcode Fuzzy Hash: c592f0523188d3cde5d92c91281fa5e81867637f6bee8dccd44b9af64f2a0d26
                                          • Instruction Fuzzy Hash: 5D2125759003599FDB10DFAAC985BEEBBF5FF88310F10842AE919A7240C7789954CBA4
                                          Function 0D250548 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 258 d250548-d2505dd ReadProcessMemory 262 d2505e6-d250616 258->262 263 d2505df-d2505e5 258->263 263->262
                                          APIs
                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0D2505D0
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2295271913.000000000D250000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D250000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_d250000_Logon32.jbxd
                                          Similarity
                                          • API ID: MemoryProcessRead
                                          • String ID:
                                          • API String ID: 1726664587-0
                                          • Opcode ID: 93179b194a849016ce0a3d467b72f8c80d8cbc3a45ba004f1aa7e5d86ca96252
                                          • Instruction ID: 7a91448f7dde60f6cc202c082727e3f478be3623fb6e6a69b22403115f01eb0e
                                          • Opcode Fuzzy Hash: 93179b194a849016ce0a3d467b72f8c80d8cbc3a45ba004f1aa7e5d86ca96252
                                          • Instruction Fuzzy Hash: 102148B1C003499FDB10DFAAC881AEEBBF4FF88310F50842AE959A7251C7389504DBA4
                                          Function 016BD27C Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 267 16bd27c-16bd724 DuplicateHandle 269 16bd72d-16bd74a 267->269 270 16bd726-16bd72c 267->270 270->269
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,016BD656,?,?,?,?,?), ref: 016BD717
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2289461725.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_16b0000_Logon32.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 95340c2d7b5ff976df4f01ab41d64095a15eb0f7d45a591424265e31abe85a5e
                                          • Instruction ID: 9235daf49f73537bc8b5900739b865978052b55145aca50d2c828addf457e207
                                          • Opcode Fuzzy Hash: 95340c2d7b5ff976df4f01ab41d64095a15eb0f7d45a591424265e31abe85a5e
                                          • Instruction Fuzzy Hash: 2A21E6B5D00259DFDB10CF9AD984AEEBBF4EB48314F14841AE918A7310D374A954CFA4
                                          Function 0D2502C1 Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 273 d2502c1-d250313 276 d250315-d250321 273->276 277 d250323-d250353 Wow64SetThreadContext 273->277 276->277 279 d250355-d25035b 277->279 280 d25035c-d25038c 277->280 279->280
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0D250346
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2295271913.000000000D250000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D250000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_d250000_Logon32.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: 0dbdd21e5aada3c0cd8dc74470ae9052f9cb1f78f1212ccd66290521d1ccec78
                                          • Instruction ID: cd697f8d9045d3bf2c539820189bed360ac08019f8106664be860e5ecf993236
                                          • Opcode Fuzzy Hash: 0dbdd21e5aada3c0cd8dc74470ae9052f9cb1f78f1212ccd66290521d1ccec78
                                          • Instruction Fuzzy Hash: E5213A71D103099FDB10DFAAC585BEEBBF4EF88314F148429D559A7240C7789944CFA5
                                          Function 0D250550 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 294 d250550-d2505dd ReadProcessMemory 297 d2505e6-d250616 294->297 298 d2505df-d2505e5 294->298 298->297
                                          APIs
                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0D2505D0
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2295271913.000000000D250000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D250000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_d250000_Logon32.jbxd
                                          Similarity
                                          • API ID: MemoryProcessRead
                                          • String ID:
                                          • API String ID: 1726664587-0
                                          • Opcode ID: da3364dabb60a07696fb0d5bb80bbc2b8ebd10246127abeed85db597547141f0
                                          • Instruction ID: 05fe9cbb322003cb2c07a16f5cd4bcdebafb41710ebe1fedb3b1dd7085b9a4f6
                                          • Opcode Fuzzy Hash: da3364dabb60a07696fb0d5bb80bbc2b8ebd10246127abeed85db597547141f0
                                          • Instruction Fuzzy Hash: 24212871C003499FDB10DFAAC981AEEBBF5FF48310F50842AE959A7240C7389554DBA4
                                          Function 0D2502C8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 284 d2502c8-d250313 286 d250315-d250321 284->286 287 d250323-d250353 Wow64SetThreadContext 284->287 286->287 289 d250355-d25035b 287->289 290 d25035c-d25038c 287->290 289->290
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0D250346
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2295271913.000000000D250000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D250000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_d250000_Logon32.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: 1b555be2f7d595c77e3a22e29423284a03339ccb9c96a1bab8be6badd3da98b5
                                          • Instruction ID: dfae08c72b8c9c0a350e82f5b0868747d5ce8668dc45438e7ddeabd722d60b71
                                          • Opcode Fuzzy Hash: 1b555be2f7d595c77e3a22e29423284a03339ccb9c96a1bab8be6badd3da98b5
                                          • Instruction Fuzzy Hash: 53215B71D003099FDB10DFAAC985BEEBBF4EF88324F14842AD559A7240C7789944CFA4
                                          Function 016BD689 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 302 16bd689-16bd724 DuplicateHandle 303 16bd72d-16bd74a 302->303 304 16bd726-16bd72c 302->304 304->303
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,016BD656,?,?,?,?,?), ref: 016BD717
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2289461725.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_16b0000_Logon32.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: adf11139d94a8152237c99f0951aa27bfd2859faac0e2cbef448b7bbbe7fdda7
                                          • Instruction ID: 44b999cc1e47c7906c361fff88902b43c31f67d273bafa2e285058fdf76ceeb9
                                          • Opcode Fuzzy Hash: adf11139d94a8152237c99f0951aa27bfd2859faac0e2cbef448b7bbbe7fdda7
                                          • Instruction Fuzzy Hash: 2B21E3B5900259DFDB10CF99D984AEEBBF5EB48314F14841AE918B7350C378A954CF60
                                          Function 016BA130 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,016BB079,00000800,00000000,00000000), ref: 016BB28A
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2289461725.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_16b0000_Logon32.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: bb00a701d2ac0aeae46a6e3de48d24b8ac18904df3a06c95dbc5331d98ad96cf
                                          • Instruction ID: bd362680612e1ef8b25cd06a42122b209f1f4c95b0d5e3a7c4d2f276fa057037
                                          • Opcode Fuzzy Hash: bb00a701d2ac0aeae46a6e3de48d24b8ac18904df3a06c95dbc5331d98ad96cf
                                          • Instruction Fuzzy Hash: 3F1112B69002099FDB14CF9AD884AEEFBF4EB88310F10842AE519A7310C375A945CFA4
                                          Function 0D250399 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0D25040E
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2295271913.000000000D250000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D250000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_d250000_Logon32.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: 4e53066ee64b03c3b31e3630b5a0e023adb67a1863394b665ba847a6d6903cfa
                                          • Instruction ID: 68ebcea01a886ac96c68c949131794c27e09fa8a90f0bd5e94a4b46472a446d5
                                          • Opcode Fuzzy Hash: 4e53066ee64b03c3b31e3630b5a0e023adb67a1863394b665ba847a6d6903cfa
                                          • Instruction Fuzzy Hash: FF1167759002499FDB10DFAAC844BEFBBF5EF88324F248819E919A7250C7759940CFA0
                                          Function 0D2503A0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0D25040E
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2295271913.000000000D250000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D250000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_d250000_Logon32.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: 1ef79046592a4b2a752a11d2c3a16d5e31a4c941580e0d0008949d987f3e8b3d
                                          • Instruction ID: 623d5504fc547dc94b199e03de30dbad97d8658e0eb1d619315e34f367ada5c7
                                          • Opcode Fuzzy Hash: 1ef79046592a4b2a752a11d2c3a16d5e31a4c941580e0d0008949d987f3e8b3d
                                          • Instruction Fuzzy Hash: 8A1167719002499FDB10DFAAC844BEFBBF5EF88324F248419E919A7250C7759940CFA0
                                          Function 016BB218 Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,016BB079,00000800,00000000,00000000), ref: 016BB28A
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2289461725.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_16b0000_Logon32.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: ee1233488302159a4734da2b1989745a4ca80fb3e8be63167ffb36ebd412c81f
                                          • Instruction ID: e34ec1d66ac4f459d97fb61d9fde029ca6de4a327484cb8dd5c17a7869ba3d2c
                                          • Opcode Fuzzy Hash: ee1233488302159a4734da2b1989745a4ca80fb3e8be63167ffb36ebd412c81f
                                          • Instruction Fuzzy Hash: 6911E2B6D00209CFDB14CFAAC984BEEFBF4EB48310F14842AD519A7650C379A545CFA4
                                          Function 0D250210 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2295271913.000000000D250000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D250000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_d250000_Logon32.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: ffaacfdf274bbaeb9e4be9a8dec10ab8c96d42cd1204e96828b1f2ccf312ee7a
                                          • Instruction ID: d228cbd48b6d2ce18d91314d9e7df5e7d98014ecc8ac2fdd4a0fcec9a6beac32
                                          • Opcode Fuzzy Hash: ffaacfdf274bbaeb9e4be9a8dec10ab8c96d42cd1204e96828b1f2ccf312ee7a
                                          • Instruction Fuzzy Hash: 1C114671D003498FDB10DFAAC845BEFBBF4EB88724F24881AD519A7240C735A940CF95
                                          Function 0D254F38 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                          Download Yara Rule
                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,0D255361,?,?), ref: 0D255508
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2295271913.000000000D250000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D250000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_d250000_Logon32.jbxd
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          • Opcode ID: 8059737003743de8caba9a03573fc6b1c3e7ff861c5d9bbc665adfcf73ccefa0
                                          • Instruction ID: 443ccd52bf543b69e23901e97e8d962e23cd23aa05e824d4665952149fa0706b
                                          • Opcode Fuzzy Hash: 8059737003743de8caba9a03573fc6b1c3e7ff861c5d9bbc665adfcf73ccefa0
                                          • Instruction Fuzzy Hash: 041133B5810749CFDB10DF9AC584BEEBBF4EB48320F20846AD959A7341D378A944CFA5
                                          Function 0D2554A8 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                          Download Yara Rule
                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,0D255361,?,?), ref: 0D255508
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2295271913.000000000D250000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D250000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_d250000_Logon32.jbxd
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          • Opcode ID: a7a8b0af4ccbabd185fd9c23081d74934cc62e55519a9a6a1f5b6dcdfef2e5a7
                                          • Instruction ID: 21c8c8c626fb52c38c67a35b2b06cefad6fbe591455c547b10256958515cbd23
                                          • Opcode Fuzzy Hash: a7a8b0af4ccbabd185fd9c23081d74934cc62e55519a9a6a1f5b6dcdfef2e5a7
                                          • Instruction Fuzzy Hash: 481133B5810249CFDB10DF9AC584BEEBBF4EB48320F20841AD958A7341C338A544CFA5
                                          Function 0D250218 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2295271913.000000000D250000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D250000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_d250000_Logon32.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: aa73ae7b58f380eb2d7044277b8593ed0cbef4f7c9a29c622cd95dc02b38e280
                                          • Instruction ID: 33e8788b0c21c5bfb5a10be1e5673173a4bb818b526202e0e19e2f158020bc2b
                                          • Opcode Fuzzy Hash: aa73ae7b58f380eb2d7044277b8593ed0cbef4f7c9a29c622cd95dc02b38e280
                                          • Instruction Fuzzy Hash: E4112871D003498FDB10DFAAC945B9EFBF4EB88724F248419D519A7240C775A544CB95
                                          Function 016BAF98 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 016BAFFE
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2289461725.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_16b0000_Logon32.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: c2f8c53b8efdc9b79ce86aca99da3604e08ccd747262326e52d3463b12449033
                                          • Instruction ID: a4b87c59d69d284cc5338dadf8d2a30ad163338fa564ad425bf62ae40fc61234
                                          • Opcode Fuzzy Hash: c2f8c53b8efdc9b79ce86aca99da3604e08ccd747262326e52d3463b12449033
                                          • Instruction Fuzzy Hash: 291110B5C002498FDB10CF9AC884BDEFBF4EB88224F10841AD528A7210C379A545CFA1
                                          Function 0D2514F0 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0D25366D
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2295271913.000000000D250000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D250000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_d250000_Logon32.jbxd
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID:
                                          • API String ID: 410705778-0
                                          • Opcode ID: b543566bce3feed1c29b2ffde14d2c37445bccf34151223d6902d9c9cb6c7454
                                          • Instruction ID: 0d4547a1f1e73288f1792c4e85ff3b8aea2cd1ed804502447a7959892f0711d9
                                          • Opcode Fuzzy Hash: b543566bce3feed1c29b2ffde14d2c37445bccf34151223d6902d9c9cb6c7454
                                          • Instruction Fuzzy Hash: A111F2B5800349DFDB10DF9AC584BDEBBF8EB48360F20845AE919A7301C375A954CFA9
                                          Function 0D253608 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0D25366D
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2295271913.000000000D250000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D250000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_d250000_Logon32.jbxd
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID:
                                          • API String ID: 410705778-0
                                          • Opcode ID: 9ea539f9ed5b3e18b761c809a7b55f003a5035c082c220c2d5a9cd516faf81d6
                                          • Instruction ID: 727d2221a7cd543ce5e4bfd66294f966278b17514e57a6ca8b1c9c117d384021
                                          • Opcode Fuzzy Hash: 9ea539f9ed5b3e18b761c809a7b55f003a5035c082c220c2d5a9cd516faf81d6
                                          • Instruction Fuzzy Hash: DF11F2B5800249DFDB10DF9AC585BDEBBF8EB48320F20841AE918A7600C375A544CFA5
                                          Function 0152D68C Relevance: .1, Instructions: 77COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2288527457.000000000152D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0152D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_152d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 49c52731dab461684cb1a04f5b0c9be7ca96bc922fa0a3bd7aae5b6495345f7a
                                          • Instruction ID: af5f7f51a64c6237efa7ec17faf2aa69c7d485f995440c5ee9c71f790b3968a3
                                          • Opcode Fuzzy Hash: 49c52731dab461684cb1a04f5b0c9be7ca96bc922fa0a3bd7aae5b6495345f7a
                                          • Instruction Fuzzy Hash: 4F213873100280DFDF059F54D9C4F1ABBB6FB88314F248668E9090F296C33AD416CB61
                                          Function 0152D1FC Relevance: .1, Instructions: 76COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2288527457.000000000152D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0152D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_152d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f3b11d87bfa9db8b6cc001c813ac4e5fe6707ac89ee7ee50b1da30e6d555b1bf
                                          • Instruction ID: d402ed04e2aa867f04cc482ad12b0e97578387d57c7ed65176cb5b01d4db1972
                                          • Opcode Fuzzy Hash: f3b11d87bfa9db8b6cc001c813ac4e5fe6707ac89ee7ee50b1da30e6d555b1bf
                                          • Instruction Fuzzy Hash: B021F172504240DFDB05DF94D9C4B2ABBB5FB8A320F20C569E9090E286C336D456CBA1
                                          Function 0152D4C4 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2288527457.000000000152D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0152D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_152d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9a69b0c3aa51757b5fe53ed5cb550354a39eba1ee9ca5e14b7c143c7e4c18df2
                                          • Instruction ID: 06f0479e5a331d28754652222c1c9e9742eb6cfdfac3adcd6cd1bd36aec93a79
                                          • Opcode Fuzzy Hash: 9a69b0c3aa51757b5fe53ed5cb550354a39eba1ee9ca5e14b7c143c7e4c18df2
                                          • Instruction Fuzzy Hash: 91210372604240DFDB05DF54D9C0B2ABFB5FB88318F20C56DE9090F296C376D456CAA1
                                          Function 0153D1D4 Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2288610710.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_153d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a56943d015748c01dbd8a465ca7c98c56741c051a0f29df9f18baa61084fe34b
                                          • Instruction ID: 31ca6839b443a17075c49a004377acf2e88b01ec054abd9f557dd45c67e88d11
                                          • Opcode Fuzzy Hash: a56943d015748c01dbd8a465ca7c98c56741c051a0f29df9f18baa61084fe34b
                                          • Instruction Fuzzy Hash: BE210471504204EFDB06DF94D9C0B2ABBB5FBC4324F60CA6DE9094F292C37AD446CA61
                                          Function 0153D01C Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2288610710.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_153d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 32a4439b9d5393387b3c32a96896c567d333a716135066b6857dcbaab55a90bd
                                          • Instruction ID: 9412cedb5753a79a8a8f1e0b5304879869fac6b83b6abd3a3df6184cf1db532c
                                          • Opcode Fuzzy Hash: 32a4439b9d5393387b3c32a96896c567d333a716135066b6857dcbaab55a90bd
                                          • Instruction Fuzzy Hash: 9521FF71604204DFDB15DFA4D980B2AFBB5FB84B14F60C96DE90A4F292D33AD447CA61
                                          Function 0153D006 Relevance: .1, Instructions: 62COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2288610710.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_153d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d52afee519dd1c5bd846d7a68c8285a030b4c07e45273db8efb54cc3a7d55895
                                          • Instruction ID: ceff5740cebe1a4e389d2f0cca92a86553c00a67097b52fcc54a32473b3ad6a4
                                          • Opcode Fuzzy Hash: d52afee519dd1c5bd846d7a68c8285a030b4c07e45273db8efb54cc3a7d55895
                                          • Instruction Fuzzy Hash: 422180755093808FCB02CF64D990715FF71FB86214F28C5DAD8498F2A7C33A980ACB62
                                          Function 0152D687 Relevance: .1, Instructions: 58COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2288527457.000000000152D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0152D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_152d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 448c806a5054ba187e4508f7a226a03bb761a6c68aed6e9adf4fb178f3854da0
                                          • Instruction ID: c04a3b29b845fbcebd0c86ee6db95b130a8f26fdffcd0df05f955ad113e77c7f
                                          • Opcode Fuzzy Hash: 448c806a5054ba187e4508f7a226a03bb761a6c68aed6e9adf4fb178f3854da0
                                          • Instruction Fuzzy Hash: AB218C76504284DFDB06CF54D9C4B1ABF72FB89314F2886A9D9490E256C33AD426CB91
                                          Function 0152D1F7 Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2288527457.000000000152D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0152D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_152d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 97b80ae79017b4ed6bea6dd9b7a80ca74a39b088e4df1c4c2e3fdfc2e958b63e
                                          • Instruction ID: c58db328979393a5debb2e595d6be47ebf8e3f79983f1271530b84e339538bbc
                                          • Opcode Fuzzy Hash: 97b80ae79017b4ed6bea6dd9b7a80ca74a39b088e4df1c4c2e3fdfc2e958b63e
                                          • Instruction Fuzzy Hash: 2E21CD76404240CFCB06CF44D9C4B1ABF72FB85324F24C1A9DC080E296C33AD426CBA1
                                          Function 0152D4BF Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2288527457.000000000152D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0152D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_152d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
                                          • Instruction ID: 701166c4f0a7ad078e19146243b83e42958774accd0d43bbc6f1deb9b1dd09a4
                                          • Opcode Fuzzy Hash: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
                                          • Instruction Fuzzy Hash: D811CD72504280CFCB02CF54D5C0B1ABF71FB84218F24C6A9D8090F256C33AD456CBA1
                                          Function 0153D1CF Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2288610710.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_153d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                          • Instruction ID: 182e3c70c5ec3ad46d8d81cdbce19b1ade0765e2b2f34d8241e31508788fed38
                                          • Opcode Fuzzy Hash: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                          • Instruction Fuzzy Hash: 0D11BB75504280DFCB02CF54C5C0B19BBB1FB84224F24C6A9E8494F297C33AD40ACB61
                                          Function 0152D7C5 Relevance: .0, Instructions: 45COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2288527457.000000000152D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0152D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_152d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 99cb4c969a23aa4ec6284bcee23546ba3d6652882314d07396f7c72a9c87e955
                                          • Instruction ID: d8412fc8d7a4a75646cac369d41bd311d16b54df7022ae13feba696ffba9cdda
                                          • Opcode Fuzzy Hash: 99cb4c969a23aa4ec6284bcee23546ba3d6652882314d07396f7c72a9c87e955
                                          • Instruction Fuzzy Hash: 7C01A732504354DAF7214A99CD8476BFFE8FF42625F18C86AEE0D5E1C2C2B9D445C6B1
                                          Function 0152D7C4 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.2288527457.000000000152D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0152D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_7_2_152d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 65808a4667b351fac9fc2ce80b7f9ebd365b94a0a73c9b7acdc0c3b373bb1408
                                          • Instruction ID: a692aad03ff722aa33c573d011362f30b764e6623ab9f9e19b043d00b004bea0
                                          • Opcode Fuzzy Hash: 65808a4667b351fac9fc2ce80b7f9ebd365b94a0a73c9b7acdc0c3b373bb1408
                                          • Instruction Fuzzy Hash: 40F0C272404354AAF7108E5AD9C4B66FFA8EB81624F18C45AED0C1E282C2B89840CAB1

                                          Execution Graph

                                          Execution Coverage:13.2%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:13
                                          Total number of Limit Nodes:1
                                          execution_graph 28764 1b17f20 28765 1b17f64 CheckRemoteDebuggerPresent 28764->28765 28766 1b17fa6 28765->28766 28751 1b1fab2 28752 1b1faf5 28751->28752 28753 1b1facd 28751->28753 28757 1b1fb90 28752->28757 28761 1b1fb98 28752->28761 28754 1b1fb12 28758 1b1fb99 GlobalMemoryStatusEx 28757->28758 28760 1b1fc0e 28758->28760 28760->28754 28762 1b1fbde GlobalMemoryStatusEx 28761->28762 28763 1b1fc0e 28762->28763 28763->28754

                                          Executed Functions

                                          Function 07312418 Relevance: 1.5, Instructions: 1528COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9e4239a1ce6eb2cb729b9117a24f7a2882ddca6089f1796dfaeb7f5dd5e2b5a0
                                          • Instruction ID: 642408d0a96566058ed0b35367e6994ace3e2481519edf64257ccaffe3401deb
                                          • Opcode Fuzzy Hash: 9e4239a1ce6eb2cb729b9117a24f7a2882ddca6089f1796dfaeb7f5dd5e2b5a0
                                          • Instruction Fuzzy Hash: F2E22974A0021ACFEB24DB68C484A9EB7F2FF89311F5585A9D449AB351EB31ED85CF40
                                          Function 07316378 Relevance: .8, Instructions: 814COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ffd495bd551933ab9cff165f5828865eef4a8399e51e9b43a03a7ccb4efaeb9b
                                          • Instruction ID: 3130adb288f6baa23f8589103d0b6c9c372a9b2c28d41b3c8286631605683f08
                                          • Opcode Fuzzy Hash: ffd495bd551933ab9cff165f5828865eef4a8399e51e9b43a03a7ccb4efaeb9b
                                          • Instruction Fuzzy Hash: 6D627EB4A00216DFEB18DBA8D555AAEB7F2EF88315F148469D40ADB390DF35ED42CB40
                                          Function 0731B3C0 Relevance: .8, Instructions: 768COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a78089c07af81feb4dda56629af326b92b0bdc175979c08fbff64d06b3bf89c4
                                          • Instruction ID: 6121140fb03be5ab7c062b014f67112d4475985a949450da1a54034f93b7d5e3
                                          • Opcode Fuzzy Hash: a78089c07af81feb4dda56629af326b92b0bdc175979c08fbff64d06b3bf89c4
                                          • Instruction Fuzzy Hash: FF5250F0A0024A8FFB28DB68D5907AEF7B6FB45310F20852AD449EB755DA34DD81CB91
                                          Function 0731C310 Relevance: .6, Instructions: 638COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2457 731c310-731c332 2459 731c334-731c337 2457->2459 2460 731c594-731c597 2459->2460 2461 731c33d-731c340 2459->2461 2462 731c599 2460->2462 2463 731c57d-731c580 2460->2463 2464 731c342-731c367 2461->2464 2465 731c36c-731c36f 2461->2465 2470 731c59e-731c5a1 2462->2470 2466 731c586-731c58a 2463->2466 2467 731c6aa-731c6dd 2463->2467 2464->2465 2468 731c371-731c38b 2465->2468 2469 731c390-731c393 2465->2469 2471 731c58f-731c592 2466->2471 2492 731c6df-731c6e2 2467->2492 2468->2469 2474 731c395-731c3ba 2469->2474 2475 731c3bf-731c3c2 2469->2475 2472 731c5a3-731c5a9 2470->2472 2473 731c5ae-731c5b1 2470->2473 2471->2460 2471->2470 2472->2473 2480 731c5c1-731c5c4 2473->2480 2481 731c5b3-731c5ba 2473->2481 2474->2475 2477 731c3c4-731c3d5 2475->2477 2478 731c3da-731c3dd 2475->2478 2477->2478 2484 731c40a-731c40d 2478->2484 2485 731c3df-731c405 2478->2485 2486 731c5c6-731c5c9 2480->2486 2489 731c5ce-731c5d1 2480->2489 2481->2486 2487 731c5bc 2481->2487 2493 731c40f-731c429 2484->2493 2494 731c42e-731c431 2484->2494 2485->2484 2486->2489 2487->2480 2495 731c5d3-731c5ef 2489->2495 2496 731c5f4-731c5f7 2489->2496 2503 731c6e4-731c6fd 2492->2503 2504 731c70e-731c711 2492->2504 2493->2494 2497 731c433-731c435 2494->2497 2498 731c438-731c43b 2494->2498 2495->2496 2500 731c5f9-731c602 2496->2500 2501 731c60d-731c610 2496->2501 2497->2498 2507 731c43d-731c457 2498->2507 2508 731c45c-731c45f 2498->2508 2509 731c608 2500->2509 2510 731c55d-731c566 2500->2510 2511 731c680-731c683 2501->2511 2512 731c612-731c67b 2501->2512 2552 731c703-731c70d 2503->2552 2553 731c797-731c7a3 2503->2553 2513 731c713-731c71d 2504->2513 2514 731c71e-731c721 2504->2514 2507->2508 2516 731c461-731c487 2508->2516 2517 731c48c-731c48f 2508->2517 2509->2501 2510->2467 2521 731c56c-731c573 2510->2521 2522 731c685-731c688 2511->2522 2523 731c68d-731c68f 2511->2523 2512->2511 2518 731c723-731c73f 2514->2518 2519 731c744-731c747 2514->2519 2516->2517 2529 731c491-731c4ab 2517->2529 2530 731c4b0-731c4b3 2517->2530 2518->2519 2531 731c767-731c76a 2519->2531 2532 731c749-731c762 2519->2532 2533 731c578-731c57b 2521->2533 2522->2523 2534 731c691 2523->2534 2535 731c696-731c699 2523->2535 2529->2530 2538 731c4b5-731c4d8 2530->2538 2539 731c4dd-731c4e0 2530->2539 2540 731c785-731c787 2531->2540 2541 731c76c-731c77a 2531->2541 2532->2531 2533->2463 2533->2471 2534->2535 2535->2459 2543 731c69f-731c6a9 2535->2543 2538->2539 2548 731c4f1-731c4f4 2539->2548 2549 731c4e2-731c4ec 2539->2549 2550 731c789 2540->2550 2551 731c78e-731c791 2540->2551 2541->2503 2566 731c780 2541->2566 2558 731c4f6-731c504 2548->2558 2559 731c50b-731c50e 2548->2559 2549->2548 2550->2551 2551->2492 2551->2553 2560 731c943-731c94d 2553->2560 2561 731c7a9-731c7b2 2553->2561 2574 731c545-731c546 2558->2574 2575 731c506 2558->2575 2562 731c510-731c522 2559->2562 2563 731c527-731c52a 2559->2563 2568 731c7b8-731c7d8 2561->2568 2569 731c94e-731c986 2561->2569 2562->2563 2563->2500 2571 731c530-731c533 2563->2571 2566->2540 2591 731c931-731c93d 2568->2591 2592 731c7de-731c7e7 2568->2592 2583 731c988-731c98b 2569->2583 2578 731c540-731c543 2571->2578 2579 731c535-731c53b 2571->2579 2582 731c54b-731c54e 2574->2582 2575->2559 2578->2574 2578->2582 2579->2578 2586 731c550-731c555 2582->2586 2587 731c558-731c55b 2582->2587 2589 731c98d-731c9a9 2583->2589 2590 731c9ae-731c9b1 2583->2590 2586->2587 2587->2510 2587->2533 2589->2590 2593 731c9b7-731c9c5 2590->2593 2594 731cb6b-731cb6d 2590->2594 2591->2560 2591->2561 2592->2569 2595 731c7ed-731c81c call 7316328 2592->2595 2601 731c9cc-731c9ce 2593->2601 2598 731cb74-731cb77 2594->2598 2599 731cb6f 2594->2599 2614 731c85e-731c874 2595->2614 2615 731c81e-731c856 2595->2615 2598->2583 2600 731cb7d-731cb86 2598->2600 2599->2598 2605 731c9d0-731c9d3 2601->2605 2606 731c9e5-731ca0f 2601->2606 2605->2600 2612 731cb60-731cb6a 2606->2612 2613 731ca15-731ca1e 2606->2613 2616 731ca24-731cb31 call 7316328 2613->2616 2617 731cb39-731cb5e 2613->2617 2622 731c892-731c8a8 2614->2622 2623 731c876-731c88a 2614->2623 2615->2614 2616->2613 2666 731cb37 2616->2666 2617->2600 2630 731c8c6-731c8d9 2622->2630 2631 731c8aa-731c8be 2622->2631 2623->2622 2636 731c8e7 2630->2636 2637 731c8db-731c8e5 2630->2637 2631->2630 2640 731c8ec-731c8ee 2636->2640 2637->2640 2641 731c8f0-731c8f5 2640->2641 2642 731c91f-731c92b 2640->2642 2644 731c903 2641->2644 2645 731c8f7-731c901 2641->2645 2642->2591 2642->2592 2646 731c908-731c90a 2644->2646 2645->2646 2646->2642 2648 731c90c-731c918 2646->2648 2648->2642 2666->2612
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e62a078b451276b72927eeafdc7c4ce8505543f9617b84bf5fa2965c3ba7ff62
                                          • Instruction ID: 5daf43977c407734be053989b821298523138cb728b3c1c063d601dbebc58a73
                                          • Opcode Fuzzy Hash: e62a078b451276b72927eeafdc7c4ce8505543f9617b84bf5fa2965c3ba7ff62
                                          • Instruction Fuzzy Hash: AA3252B4B012069FEF18DB68D890AAEB7B2FF88310F109529D509E7351DB35EC46DB91
                                          Function 07315358 Relevance: .6, Instructions: 585COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2075e803e7569e2eff27056bdbbc88a7ab0fbfa2c28b87e8dbae10e20d9ac274
                                          • Instruction ID: ccfacd1177405258f2b2bd1a9d6e7341ed643631e7f871fab5efd95334f70855
                                          • Opcode Fuzzy Hash: 2075e803e7569e2eff27056bdbbc88a7ab0fbfa2c28b87e8dbae10e20d9ac274
                                          • Instruction Fuzzy Hash: E312D5B1F002569FEB289F64D8806AEB7B2EF85311F248479E85ADB341DB34DC51CB91
                                          Function 07317B00 Relevance: .5, Instructions: 474COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 3211 7317b00-7317b1e 3214 7317b20-7317b23 3211->3214 3215 7317b25-7317b41 3214->3215 3216 7317b46-7317b49 3214->3216 3215->3216 3217 7317b56-7317b59 3216->3217 3218 7317b4b-7317b55 3216->3218 3220 7317b5b-7317b75 3217->3220 3221 7317b7a-7317b7d 3217->3221 3220->3221 3222 7317b94-7317b96 3221->3222 3223 7317b7f-7317b8d 3221->3223 3225 7317b98 3222->3225 3226 7317b9d-7317ba0 3222->3226 3229 7317ba6-7317bbc 3223->3229 3231 7317b8f 3223->3231 3225->3226 3226->3214 3226->3229 3233 7317bc2-7317bcb 3229->3233 3234 7317dd7-7317de1 3229->3234 3231->3222 3235 7317bd1-7317bee 3233->3235 3236 7317de2-7317e17 3233->3236 3243 7317dc4-7317dd1 3235->3243 3244 7317bf4-7317c1c 3235->3244 3239 7317e19-7317e1c 3236->3239 3241 7317e3f-7317e42 3239->3241 3242 7317e1e-7317e3a 3239->3242 3245 7317e48-7317e54 3241->3245 3246 7317eef-7317ef2 3241->3246 3242->3241 3243->3233 3243->3234 3244->3243 3267 7317c22-7317c2b 3244->3267 3250 7317e5f-7317e61 3245->3250 3247 7318127-7318129 3246->3247 3248 7317ef8-7317f07 3246->3248 3251 7318130-7318133 3247->3251 3252 731812b 3247->3252 3263 7317f26-7317f6a 3248->3263 3264 7317f09-7317f24 3248->3264 3254 7317e63-7317e69 3250->3254 3255 7317e79-7317e7d 3250->3255 3251->3239 3256 7318139-7318142 3251->3256 3252->3251 3259 7317e6b 3254->3259 3260 7317e6d-7317e6f 3254->3260 3261 7317e8b 3255->3261 3262 7317e7f-7317e89 3255->3262 3259->3255 3260->3255 3266 7317e90-7317e92 3261->3266 3262->3266 3273 7317f70-7317f81 3263->3273 3274 73180fb-7318111 3263->3274 3264->3263 3268 7317e94-7317e97 3266->3268 3269 7317ea9-7317ee2 3266->3269 3267->3236 3271 7317c31-7317c4d 3267->3271 3268->3256 3269->3248 3293 7317ee4-7317eee 3269->3293 3280 7317c53-7317c7d 3271->3280 3281 7317db2-7317dbe 3271->3281 3282 7317f87-7317fa4 3273->3282 3283 73180e6-73180f5 3273->3283 3274->3247 3296 7317c83-7317cab 3280->3296 3297 7317da8-7317dad 3280->3297 3281->3243 3281->3267 3282->3283 3295 7317faa-73180a0 call 7316328 3282->3295 3283->3273 3283->3274 3346 73180a2-73180ac 3295->3346 3347 73180ae 3295->3347 3296->3297 3303 7317cb1-7317cdf 3296->3303 3297->3281 3303->3297 3309 7317ce5-7317cee 3303->3309 3309->3297 3310 7317cf4-7317d26 3309->3310 3318 7317d31-7317d4d 3310->3318 3319 7317d28-7317d2c 3310->3319 3318->3281 3321 7317d4f-7317da6 call 7316328 3318->3321 3319->3297 3320 7317d2e 3319->3320 3320->3318 3321->3281 3348 73180b3-73180b5 3346->3348 3347->3348 3348->3283 3349 73180b7-73180bc 3348->3349 3350 73180ca 3349->3350 3351 73180be-73180c8 3349->3351 3352 73180cf-73180d1 3350->3352 3351->3352 3352->3283 3353 73180d3-73180df 3352->3353 3353->3283
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e052e0306614ba151c8458ef77cba607d0e965f619350f9f191ebf352fd40cfa
                                          • Instruction ID: a6cc88a1408f50c5456c657f1f61258c8d7c48fc2d794cba96d693ef6c8e5160
                                          • Opcode Fuzzy Hash: e052e0306614ba151c8458ef77cba607d0e965f619350f9f191ebf352fd40cfa
                                          • Instruction Fuzzy Hash: 8D02A271B0124A9FEB18DB68D4546AEB7F2FF84314F248529D40ADB390EB35ED42CB91
                                          Function 07317420 Relevance: .5, Instructions: 468COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8c144486def49b8e84bd43bb88d29c34becbd7f66a87a3f3c39b5020484ec879
                                          • Instruction ID: 1c181911525cbfa23d694eabb9e991bfbda15e499f06a20300d458fb227d4652
                                          • Opcode Fuzzy Hash: 8c144486def49b8e84bd43bb88d29c34becbd7f66a87a3f3c39b5020484ec879
                                          • Instruction Fuzzy Hash: E0121E70A0125ACFEB28DF65C854A9EB7B2FF89300F2485A9D50AAB355DB31DD85CF40
                                          Function 07315A78 Relevance: .4, Instructions: 408COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1d718611b8027d8fbdcc4ff790dc9bb5790a4ed07e78060b691ddefafb4bdc52
                                          • Instruction ID: 92b2c09a9ca018d2e3138f1fe979efe9c0f929eeb94c0bf0cc63110d7f4135c0
                                          • Opcode Fuzzy Hash: 1d718611b8027d8fbdcc4ff790dc9bb5790a4ed07e78060b691ddefafb4bdc52
                                          • Instruction Fuzzy Hash: 47D1E371B101168FEB28DB68D4946ADBBF6FFC9310F25846AD40ADB351CA31DC51CB91
                                          Function 01B17F19 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 521 1b17f19-1b17fa4 CheckRemoteDebuggerPresent 523 1b17fa6-1b17fac 521->523 524 1b17fad-1b17fe8 521->524 523->524
                                          APIs
                                          • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 01B17F97
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4617801001.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_1b10000_Logon32.jbxd
                                          Similarity
                                          • API ID: CheckDebuggerPresentRemote
                                          • String ID:
                                          • API String ID: 3662101638-0
                                          • Opcode ID: 8e71ababf223041f5e5815bf1f08c757a14f8d52e2ab62ad1c936a1cc3e9d458
                                          • Instruction ID: 703fb3dcad5fb5a4051228d675e4ff7b9d6c8d87ddba18be2b5f6abddd13b586
                                          • Opcode Fuzzy Hash: 8e71ababf223041f5e5815bf1f08c757a14f8d52e2ab62ad1c936a1cc3e9d458
                                          • Instruction Fuzzy Hash: D02136B2800259CFDB14DF9AD884BEEBBF4EF48310F15845AE455A7351D778AA44CF60
                                          Function 01B17F20 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 527 1b17f20-1b17fa4 CheckRemoteDebuggerPresent 529 1b17fa6-1b17fac 527->529 530 1b17fad-1b17fe8 527->530 529->530
                                          APIs
                                          • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 01B17F97
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4617801001.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_1b10000_Logon32.jbxd
                                          Similarity
                                          • API ID: CheckDebuggerPresentRemote
                                          • String ID:
                                          • API String ID: 3662101638-0
                                          • Opcode ID: 8fad3a3d54bee9db5c617fdc6e16778299a1db5c8df4f93b3768749378797e83
                                          • Instruction ID: d4eabb377dc76c85087fe3a5e594b17e64695e24d4fc8cd030b91cc87a01d2e9
                                          • Opcode Fuzzy Hash: 8fad3a3d54bee9db5c617fdc6e16778299a1db5c8df4f93b3768749378797e83
                                          • Instruction Fuzzy Hash: EE2148B2800259CFDB04DF9AD484BEEBBF4AF48210F14845AE455A3250D778A944CF60
                                          Function 01B1FB90 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 533 1b1fb90-1b1fc0c GlobalMemoryStatusEx 536 1b1fc15-1b1fc3d 533->536 537 1b1fc0e-1b1fc14 533->537 537->536
                                          APIs
                                          • GlobalMemoryStatusEx.KERNELBASE ref: 01B1FBFF
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4617801001.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_1b10000_Logon32.jbxd
                                          Similarity
                                          • API ID: GlobalMemoryStatus
                                          • String ID:
                                          • API String ID: 1890195054-0
                                          • Opcode ID: 1fcce61d462a7092dff0e450aa7ffff07e8c90b094a7c8a3d77f4e5d17c591a4
                                          • Instruction ID: 9892610e865ee410900161151e0dc9b6a0022ab9ed69a19cc1fa8156db33ea79
                                          • Opcode Fuzzy Hash: 1fcce61d462a7092dff0e450aa7ffff07e8c90b094a7c8a3d77f4e5d17c591a4
                                          • Instruction Fuzzy Hash: 961144B1C0025A9FDB14DFAAC4447DEFBB4EF48324F14816AD858A7241D378A955CFE1
                                          Function 01B1FB98 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 540 1b1fb98-1b1fc0c GlobalMemoryStatusEx 542 1b1fc15-1b1fc3d 540->542 543 1b1fc0e-1b1fc14 540->543 543->542
                                          APIs
                                          • GlobalMemoryStatusEx.KERNELBASE ref: 01B1FBFF
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4617801001.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_1b10000_Logon32.jbxd
                                          Similarity
                                          • API ID: GlobalMemoryStatus
                                          • String ID:
                                          • API String ID: 1890195054-0
                                          • Opcode ID: b5ad9603f3c91ba8dc1d04015d6289ef2cc4f37880f7ef20ee9c2cfd65012765
                                          • Instruction ID: 4d34876ce13ab5cdb4315e85fcbb363561dd40e7623b5c362d283d2ef5bf8aa0
                                          • Opcode Fuzzy Hash: b5ad9603f3c91ba8dc1d04015d6289ef2cc4f37880f7ef20ee9c2cfd65012765
                                          • Instruction Fuzzy Hash: D41142B2C0025A9FDB10CF9AC444BDEFBF4AF48320F14816AD818A7240D378A944CFA5
                                          Function 0731D0D0 Relevance: .8, Instructions: 798COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1908 731d0d0-731d0eb 1910 731d0ed-731d0f0 1908->1910 1911 731d0f2-731d101 1910->1911 1912 731d139-731d13c 1910->1912 1913 731d110-731d11c 1911->1913 1914 731d103-731d108 1911->1914 1915 731d185-731d188 1912->1915 1916 731d13e-731d180 1912->1916 1917 731d122-731d134 1913->1917 1918 731daed-731db26 1913->1918 1914->1913 1919 731d1d1-731d1d4 1915->1919 1920 731d18a-731d1cc 1915->1920 1916->1915 1917->1912 1934 731db28-731db2b 1918->1934 1921 731d1f1-731d1f4 1919->1921 1922 731d1d6-731d1ec 1919->1922 1920->1919 1924 731d1f6-731d238 1921->1924 1925 731d23d-731d240 1921->1925 1922->1921 1924->1925 1932 731d242-731d284 1925->1932 1933 731d289-731d28c 1925->1933 1932->1933 1935 731d2d5-731d2d8 1933->1935 1936 731d28e-731d29d 1933->1936 1939 731db2d-731db49 1934->1939 1940 731db4e-731db51 1934->1940 1946 731d321-731d324 1935->1946 1947 731d2da-731d31c 1935->1947 1942 731d2ac-731d2b8 1936->1942 1943 731d29f-731d2a4 1936->1943 1939->1940 1951 731db53-731db7f 1940->1951 1952 731db84-731db87 1940->1952 1942->1918 1948 731d2be-731d2d0 1942->1948 1943->1942 1949 731d326-731d368 1946->1949 1950 731d36d-731d370 1946->1950 1947->1946 1948->1935 1949->1950 1955 731d372-731d3b4 1950->1955 1956 731d3b9-731d3bc 1950->1956 1951->1952 1959 731db96-731db98 1952->1959 1960 731db89 1952->1960 1955->1956 1967 731d3cb-731d3ce 1956->1967 1968 731d3be-731d3c0 1956->1968 1969 731db9a 1959->1969 1970 731db9f-731dba2 1959->1970 2170 731db89 call 731dc45 1960->2170 2171 731db89 call 731dc58 1960->2171 1972 731d3d4-731d3d7 1967->1972 1973 731d5bc-731d5c8 1967->1973 1980 731d477-731d480 1968->1980 1981 731d3c6 1968->1981 1969->1970 1970->1934 1971 731dba4-731dbb3 1970->1971 1998 731dbb5-731dc18 call 7316328 1971->1998 1999 731dc1a-731dc2f 1971->1999 1983 731d3d9-731d3f5 1972->1983 1984 731d3fa-731d3fd 1972->1984 1973->1911 1986 731d5ce-731d8bb 1973->1986 1978 731db8f-731db91 1978->1959 1988 731d482-731d487 1980->1988 1989 731d48f-731d49b 1980->1989 1981->1967 1983->1984 1992 731d40c-731d40f 1984->1992 1993 731d3ff-731d401 1984->1993 2123 731d8c1-731d8c7 1986->2123 2124 731dae2-731daec 1986->2124 1988->1989 1996 731d4a1-731d4b5 1989->1996 1997 731d5ac-731d5b1 1989->1997 2004 731d411-731d453 1992->2004 2005 731d458-731d45b 1992->2005 2002 731d407 1993->2002 2003 731d5b9 1993->2003 1996->2003 2016 731d4bb-731d4cd 1996->2016 1997->2003 1998->1999 2026 731dc30 1999->2026 2002->1992 2003->1973 2004->2005 2013 731d465-731d467 2005->2013 2014 731d45d-731d462 2005->2014 2022 731d469 2013->2022 2023 731d46e-731d471 2013->2023 2014->2013 2033 731d4f1-731d4f3 2016->2033 2034 731d4cf-731d4d5 2016->2034 2022->2023 2023->1910 2023->1980 2026->2026 2042 731d4fd-731d509 2033->2042 2036 731d4d7 2034->2036 2037 731d4d9-731d4e5 2034->2037 2041 731d4e7-731d4ef 2036->2041 2037->2041 2041->2042 2050 731d517 2042->2050 2051 731d50b-731d515 2042->2051 2054 731d51c-731d51e 2050->2054 2051->2054 2054->2003 2056 731d524-731d540 call 7316328 2054->2056 2065 731d542-731d547 2056->2065 2066 731d54f-731d55b 2056->2066 2065->2066 2066->1997 2068 731d55d-731d5aa 2066->2068 2068->2003 2125 731d8d6-731d8df 2123->2125 2126 731d8c9-731d8ce 2123->2126 2125->1918 2127 731d8e5-731d8f8 2125->2127 2126->2125 2129 731dad2-731dadc 2127->2129 2130 731d8fe-731d904 2127->2130 2129->2123 2129->2124 2131 731d913-731d91c 2130->2131 2132 731d906-731d90b 2130->2132 2131->1918 2133 731d922-731d943 2131->2133 2132->2131 2136 731d952-731d95b 2133->2136 2137 731d945-731d94a 2133->2137 2136->1918 2138 731d961-731d97e 2136->2138 2137->2136 2138->2129 2141 731d984-731d98a 2138->2141 2141->1918 2142 731d990-731d9a9 2141->2142 2144 731dac5-731dacc 2142->2144 2145 731d9af-731d9d6 2142->2145 2144->2129 2144->2141 2145->1918 2148 731d9dc-731d9e6 2145->2148 2148->1918 2149 731d9ec-731da03 2148->2149 2151 731da12-731da2d 2149->2151 2152 731da05-731da10 2149->2152 2151->2144 2157 731da33-731da4c call 7316328 2151->2157 2152->2151 2161 731da5b-731da64 2157->2161 2162 731da4e-731da53 2157->2162 2161->1918 2163 731da6a-731dabe 2161->2163 2162->2161 2163->2144 2170->1978 2171->1978
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c5660ff5ad9a545a191aa45a53499514e4364c232e519d78f1101ea682a817c7
                                          • Instruction ID: 1dda73fff654e9daa15b6a07a73d778ae9d28f4e0992c44a686ba59bd538b231
                                          • Opcode Fuzzy Hash: c5660ff5ad9a545a191aa45a53499514e4364c232e519d78f1101ea682a817c7
                                          • Instruction Fuzzy Hash: 3A622B7071120BCFEB19DF68D990A5EB7A2FF85304F208A68D4099B355DB75ED86CB80
                                          Function 0731AE58 Relevance: .4, Instructions: 394COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f871a09694cb977957f1c5c1bd98469b8b292998d09341344f96a63006ca3c14
                                          • Instruction ID: 8a5f6dad21c53fff84aee4fff6e41ba4977fe8e3d6b7ecf5059c8502b94e47c2
                                          • Opcode Fuzzy Hash: f871a09694cb977957f1c5c1bd98469b8b292998d09341344f96a63006ca3c14
                                          • Instruction Fuzzy Hash: E2E173B0A0120A8FEB19DF64D8806AEF7B2FF89301F608529D409DB355DB75DD46CB91
                                          Function 07316369 Relevance: .3, Instructions: 312COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d43e8a19b47c96337199da1f42bbd79644e860614e34d1e4e3e3eeaf39277288
                                          • Instruction ID: 71126e7eef3c66cb7a60938f6521d6a7ce37979d9696f28a7902389748a86fdc
                                          • Opcode Fuzzy Hash: d43e8a19b47c96337199da1f42bbd79644e860614e34d1e4e3e3eeaf39277288
                                          • Instruction Fuzzy Hash: 4AC16FB4A00116CFEB18DBA8D5956ADB7B2FF88311F248869E80ADB354DF35DD41CB41
                                          Function 0731B3AF Relevance: .3, Instructions: 294COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0ab6c7289ebd38d77718b1a116160c5af53b5da8109e0405dc56e51e484865be
                                          • Instruction ID: 58052e0ab549d35f678ac2b94680bc09b0d8089ddd0ef7ee9954817fecb0e34e
                                          • Opcode Fuzzy Hash: 0ab6c7289ebd38d77718b1a116160c5af53b5da8109e0405dc56e51e484865be
                                          • Instruction Fuzzy Hash: DBB140F4A0010A9FFF28DB6CD4907AEF7B6EB89310F608425E509E7395DA34DD818B61
                                          Function 07318BB0 Relevance: .3, Instructions: 262COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b5bb3000993d2df9da22632813353c5430d9a0a01448e7c17a6b32dec2a6f02a
                                          • Instruction ID: 2c7d8db0fc101bd3d5b1eed57b03615900bba3c1ba5a9e1dee6f9602174122fc
                                          • Opcode Fuzzy Hash: b5bb3000993d2df9da22632813353c5430d9a0a01448e7c17a6b32dec2a6f02a
                                          • Instruction Fuzzy Hash: ADA15E70B012568FEB58DB74D4507AEB7B2FF89310F2045A9D40AEB341DA35DD85CB91
                                          Function 0731B7D8 Relevance: .3, Instructions: 262COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 38ef33c89589802ebaf1c96f6012d68d0aedd4ecd081fa5f7044f665a35e9b3a
                                          • Instruction ID: 25ad4b28eecc768009ed3e9263067d7df89d55fc75f0e3a0308e9aea4f56b3ad
                                          • Opcode Fuzzy Hash: 38ef33c89589802ebaf1c96f6012d68d0aedd4ecd081fa5f7044f665a35e9b3a
                                          • Instruction Fuzzy Hash: FEA10AF0E0024A8BFF28CA59D480BADF7B1FB49314F64892AE459DB791D634EC81CB51
                                          Function 073192D8 Relevance: .2, Instructions: 231COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 650aa3166a3b888850b351baa0c330ee1f5a62ae2129cb62094d6e5934c472bc
                                          • Instruction ID: b86fc81fb6e1e9947201e6c860f78832082fc58b8c1d7ed433d417fef7d57035
                                          • Opcode Fuzzy Hash: 650aa3166a3b888850b351baa0c330ee1f5a62ae2129cb62094d6e5934c472bc
                                          • Instruction Fuzzy Hash: 71915570B0119A9FEB54DF64D86076EB7B6EFC4210F108565D80AEB384EB35ED428B51
                                          Function 07315F78 Relevance: .2, Instructions: 229COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dc5f670e139ef4db1c50917b5fe05b9bbc0160a468df78d999326bb77e788bd8
                                          • Instruction ID: 26fe60b4e909e99f22398e80cc92e31975e4bc95a27b5f2e58948907fa5e9284
                                          • Opcode Fuzzy Hash: dc5f670e139ef4db1c50917b5fe05b9bbc0160a468df78d999326bb77e788bd8
                                          • Instruction Fuzzy Hash: 266181B1F011128BEF149A6EC840A6FFBD7AFC4260B15443AE90EDB3A0DE65DD028795
                                          Function 07314051 Relevance: .2, Instructions: 221COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8705a1ff18644a6a719cd38c49facf63f5f7958bbd92cd4c32df494c937072c3
                                          • Instruction ID: e26a74fa1ebb306e359a8e2133db65cc3bb6364402bd4ab42f8f4deec527cc20
                                          • Opcode Fuzzy Hash: 8705a1ff18644a6a719cd38c49facf63f5f7958bbd92cd4c32df494c937072c3
                                          • Instruction Fuzzy Hash: A1814E74B012868BEF18DFA9D45466EB7F3EF88300F208529D40ADB394EA35DD428B51
                                          Function 07314370 Relevance: .2, Instructions: 220COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cefd7ca23fd32ab6150e7d910467f80f0e4c13dd68601794be282103298d82c5
                                          • Instruction ID: 9c596c1cfa06ee49c19fe8196a1e412627ffd51fc3b20bb8013eee0f8c10e836
                                          • Opcode Fuzzy Hash: cefd7ca23fd32ab6150e7d910467f80f0e4c13dd68601794be282103298d82c5
                                          • Instruction Fuzzy Hash: 35914D70A0025A8FEF24DF68C850B9DB7B1FF85300F208699D54DEB295DB71AA85CF91
                                          Function 07314060 Relevance: .2, Instructions: 218COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5ab0053664173968e3788c93be224fcb3b5727eb6a4447324237f9c1da1bdc5b
                                          • Instruction ID: 5669ead8d6cd68c5667962373abecf2ccf4034e282cbcc835bb4056b7433477f
                                          • Opcode Fuzzy Hash: 5ab0053664173968e3788c93be224fcb3b5727eb6a4447324237f9c1da1bdc5b
                                          • Instruction Fuzzy Hash: DE814F74B0128A8BEF18DFA9D45476EB7F7EF88300F208529D40ADB394EA35DD428B51
                                          Function 07314388 Relevance: .2, Instructions: 210COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 413f891394e8c4cf888d59d9eb7fb8d76013e6d6c20d0d99bd2e4426e3339a30
                                          • Instruction ID: b9c025b7af785bffebb0faf0b10050ec85cab6359d67d5434101a5fd9b6be029
                                          • Opcode Fuzzy Hash: 413f891394e8c4cf888d59d9eb7fb8d76013e6d6c20d0d99bd2e4426e3339a30
                                          • Instruction Fuzzy Hash: 68913D70E0065A8BEF24DF68C880B9DB7B1FF89310F208599D54DAB345DB71AA85CF91
                                          Function 0731ECA7 Relevance: .2, Instructions: 205COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b169b6a0db83252739e41fc2903d68521a3bc08a2c3e66977ba145e9fb0b450a
                                          • Instruction ID: bf512c49acc77b6f90e72101f228bc6422f00f678e8522e31138ae4881f373b5
                                          • Opcode Fuzzy Hash: b169b6a0db83252739e41fc2903d68521a3bc08a2c3e66977ba145e9fb0b450a
                                          • Instruction Fuzzy Hash: 61714070A0124A8FEB18DFA8D980A9DBBF6FF88301F548429D409DB354DB31ED46CB50
                                          Function 0731ECB8 Relevance: .2, Instructions: 201COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0d87c800cf7b3f7ce288bb90594de776274bd08c8b034e7a4d00fef4930d3241
                                          • Instruction ID: f7b0897104334b7dfd6c8a9a86d5ce351903ec153cc0e4d205576b337fa7f89e
                                          • Opcode Fuzzy Hash: 0d87c800cf7b3f7ce288bb90594de776274bd08c8b034e7a4d00fef4930d3241
                                          • Instruction Fuzzy Hash: 31713070A0124A9FEB18DFA9D980A9DBBF6FF88301F548429D409DB354DB31ED46CB51
                                          Function 07315670 Relevance: .2, Instructions: 193COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9caee37d64f5e7d019b129d032f5ba4ce4753ddb9890851c4b1c6456b00fde5f
                                          • Instruction ID: 50a870f053b84fb83e1ff5ce31a4bac17f5fbb4ccecd744f7876fa67dd532ceb
                                          • Opcode Fuzzy Hash: 9caee37d64f5e7d019b129d032f5ba4ce4753ddb9890851c4b1c6456b00fde5f
                                          • Instruction Fuzzy Hash: D7617671F012559BEB14DFB4D990AAEBBB6EF84310F244428E806AB345DE74ED46CB80
                                          Function 07314920 Relevance: .2, Instructions: 186COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2521d8e1004fd21991872fd8b9231c3a481c35568a31a376a50c3044cbf15649
                                          • Instruction ID: 38b2f9a07a0591f595ddc362d6704bf9b425de8e6293b2dad44c5993292641ba
                                          • Opcode Fuzzy Hash: 2521d8e1004fd21991872fd8b9231c3a481c35568a31a376a50c3044cbf15649
                                          • Instruction Fuzzy Hash: 4C617070A002199FEF149BE9C854BAEBBF6FF88310F208429E50AEB395DF754C458B51
                                          Function 0731F7CA Relevance: .2, Instructions: 169COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fbdc09ed78f971352a6bfd80cc3b8e70419522ef35c2c55813593680fdb7eda0
                                          • Instruction ID: 603d48ff926daba87d8932412aaa72b1dd9e6501ad3c11c1b27439a298b306f2
                                          • Opcode Fuzzy Hash: fbdc09ed78f971352a6bfd80cc3b8e70419522ef35c2c55813593680fdb7eda0
                                          • Instruction Fuzzy Hash: 5A51A3B47021579FFF28666CD85476F3B5AEB89310F20442AE10EE7392C938CC85D792
                                          Function 073192C8 Relevance: .2, Instructions: 167COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aa36999d1a0b5dcd5c50ae9391a13e9d29d083ac59a67ceaff3928e92075048f
                                          • Instruction ID: 18df83794756ff6bc460e86aa82ca877f5bfa403ef49de8144d191380a983831
                                          • Opcode Fuzzy Hash: aa36999d1a0b5dcd5c50ae9391a13e9d29d083ac59a67ceaff3928e92075048f
                                          • Instruction Fuzzy Hash: 84517370B011869FEB58DB78D86076E77F6EFC8210F148969D80ADB384EA35ED028B51
                                          Function 0731F7D8 Relevance: .2, Instructions: 163COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1976c02a274ef68dd09f8823d046c622fed3f046e369088fd971e64a1dc854a5
                                          • Instruction ID: 2988bf202a72b550b95ed6e7d08080bb1fa888898d96b1ecf47d27914253b340
                                          • Opcode Fuzzy Hash: 1976c02a274ef68dd09f8823d046c622fed3f046e369088fd971e64a1dc854a5
                                          • Instruction Fuzzy Hash: 3D517EB47121179BFF38666CD89472F3B5AEB89310F20442AE50EE7391C978CC85D7A2
                                          Function 07314910 Relevance: .1, Instructions: 142COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 303ba4656f49216765b554a536358aed723e45baef82f2e735aad0982d301d4b
                                          • Instruction ID: fcced9f18f74f682c09a32bc2d4b2d91882af1b11840c132d26c92c4b5958525
                                          • Opcode Fuzzy Hash: 303ba4656f49216765b554a536358aed723e45baef82f2e735aad0982d301d4b
                                          • Instruction Fuzzy Hash: 65519470B102599FEB149BB9C854BAEBBF6FF88310F208529E506EB395DE758C01CB51
                                          Function 07315B3B Relevance: .1, Instructions: 138COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ac234bfc6d968625984dc7fcf1e24b487f2a06a4dddbb6e4c0acd0f7f9042e8
                                          • Instruction ID: 403328c3908c21b6ec265ec9eba18bc17233f5b3592ca53c15fadde8f8cb841d
                                          • Opcode Fuzzy Hash: 3ac234bfc6d968625984dc7fcf1e24b487f2a06a4dddbb6e4c0acd0f7f9042e8
                                          • Instruction Fuzzy Hash: 1E41E7B1A101158FEF1CDB78C0946ADBBF2AFC8300F25842AD45EEB240DA74DC51C795
                                          Function 07315B48 Relevance: .1, Instructions: 135COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eaf7ff0ca786e14a05016eaa6383befa3058264e8ea309c684835ebafbb3289d
                                          • Instruction ID: e5f297c157f83ced0f4212e6ef56ea0dc6547018a6b05783776751f221ff9f20
                                          • Opcode Fuzzy Hash: eaf7ff0ca786e14a05016eaa6383befa3058264e8ea309c684835ebafbb3289d
                                          • Instruction Fuzzy Hash: E141C4B1A111558BEB2CDB78C09466DBBF2AFC8310F258429D45EEB381CA74DC52C795
                                          Function 0731534B Relevance: .1, Instructions: 130COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3b8554a02dfab841fcf11fb412dbc9a29cf933833399a0e9c46743d223b60607
                                          • Instruction ID: 08346c6b19976814b501ae83488e3177d27f90714af34d110e509176d7f8472d
                                          • Opcode Fuzzy Hash: 3b8554a02dfab841fcf11fb412dbc9a29cf933833399a0e9c46743d223b60607
                                          • Instruction Fuzzy Hash: 134172B4A002168FEF348FA9C48076EB7B2FB85311F30493AE15ED7681CA75D951DB91
                                          Function 073151D8 Relevance: .1, Instructions: 126COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 62cf15501f9102b7a5d9dbbc19c03544ce06360f64d45d58ee4b7ac8f61e00a5
                                          • Instruction ID: 3afc805fd44c8235e45f312c47abd78bd728105e868efe6f33519347a26cc8d2
                                          • Opcode Fuzzy Hash: 62cf15501f9102b7a5d9dbbc19c03544ce06360f64d45d58ee4b7ac8f61e00a5
                                          • Instruction Fuzzy Hash: 48414372A0060A8BEF34CF99D880BAFF7B5FB94210F10492AE15AD7640D371A9568B91
                                          Function 079C0006 Relevance: .1, Instructions: 122COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4653952371.00000000079C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_79c0000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 940ed49ddca67bc336f78ca288a2cde3efbbd158640e81cc0fa49a929c0aae35
                                          • Instruction ID: ab56514e8f58792b5acf6bae4491f4f0daf39686933ce70f60c491e12934df4c
                                          • Opcode Fuzzy Hash: 940ed49ddca67bc336f78ca288a2cde3efbbd158640e81cc0fa49a929c0aae35
                                          • Instruction Fuzzy Hash: AB41A3B0A052468FDF22DB78DC906AEBBB1FF46314F1045AAD445EB351D6389D06CBA2
                                          Function 0731DC58 Relevance: .1, Instructions: 117COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c4d7634c2514e938b486a73df6f0892db2586cd36bd5a95ff07ab80997c5c17d
                                          • Instruction ID: 453c625db496c1a8955ca12a45d993d73a319efa421d14631b98d7f7dff78af8
                                          • Opcode Fuzzy Hash: c4d7634c2514e938b486a73df6f0892db2586cd36bd5a95ff07ab80997c5c17d
                                          • Instruction Fuzzy Hash: 7A4151B1B1020ADFEB28DF65C95469EBBB2FF86340F208929D41AD7344DB70D946CB91
                                          Function 0731EF27 Relevance: .1, Instructions: 115COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8aa2834d84ab0ff6ba185ef16d5c55ea1ad6e6c3edf0d01e9be2313dc14f0bc9
                                          • Instruction ID: 3724bc8e048caf18013bc00ae5574238ea127c5e9d6c238b2a6f3a54a5e1eb08
                                          • Opcode Fuzzy Hash: 8aa2834d84ab0ff6ba185ef16d5c55ea1ad6e6c3edf0d01e9be2313dc14f0bc9
                                          • Instruction Fuzzy Hash: 3A314CB1B050524BFF29967898542AF7BA2EFCA311F15446DD94ECB381E922DD038782
                                          Function 0731DC45 Relevance: .1, Instructions: 113COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 58322dd73e6ae9c72de83a81f24dc7c9b2f69a35b2d784f6bcc973ac9623df02
                                          • Instruction ID: 4a50c955382cee961bea74036998cc88cc76b3a658f464a9e112b40903bbd4b6
                                          • Opcode Fuzzy Hash: 58322dd73e6ae9c72de83a81f24dc7c9b2f69a35b2d784f6bcc973ac9623df02
                                          • Instruction Fuzzy Hash: 164161B1B10246DFEB29DF75C45069EBBB2FF86300F144929D80AD7240DB75D946CB81
                                          Function 07312290 Relevance: .1, Instructions: 105COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 20e5089f4d38443411ebe6941c80b3d750fc264421036841285d4f7424678692
                                          • Instruction ID: 2eeb49cee6f9f18ca26e5b8c759fa398bd756531bd41882a957034d9a0a8e896
                                          • Opcode Fuzzy Hash: 20e5089f4d38443411ebe6941c80b3d750fc264421036841285d4f7424678692
                                          • Instruction Fuzzy Hash: E031C170B0020ACFEB589B34D95466F7BA7FF89600F244868D40ADB384DE36DD428B95
                                          Function 07312288 Relevance: .1, Instructions: 104COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2bfd8774c7304516e70721cc41c516e34b001efb8f133a5de27dea70eef189aa
                                          • Instruction ID: 293522b755f4ce13fb12490eb901561897ec3aa3e369c958d168a9c4bb9cd4e7
                                          • Opcode Fuzzy Hash: 2bfd8774c7304516e70721cc41c516e34b001efb8f133a5de27dea70eef189aa
                                          • Instruction Fuzzy Hash: 2431C070B002068FEB599B34D9546AF7BB3FF89600F244869D40ADB344DE36DD46CB94
                                          Function 0731DAF8 Relevance: .1, Instructions: 98COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: af384751c989ef9c6a619a09d6f0475857d2c1aa6edaf4b068b574ac6ae5d9c6
                                          • Instruction ID: 78fc54031ffa75f98219b4f6dace0d9f38bac4cc66c9425bbb73614eb6bba294
                                          • Opcode Fuzzy Hash: af384751c989ef9c6a619a09d6f0475857d2c1aa6edaf4b068b574ac6ae5d9c6
                                          • Instruction Fuzzy Hash: A931A870A1064B9FEB19DF68D48069EBBB1FF46310F148919D406EB740DB70E946CB80
                                          Function 07312140 Relevance: .1, Instructions: 94COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b33227bc574e295f194b16baac8a42b59309f8376fc91d31c0fdb9619b48bd2c
                                          • Instruction ID: 233620472564cb5a86159e2ca9a9e7e8aba135b25df4b67f2623cb8c959c0921
                                          • Opcode Fuzzy Hash: b33227bc574e295f194b16baac8a42b59309f8376fc91d31c0fdb9619b48bd2c
                                          • Instruction Fuzzy Hash: 9C317E75F1020A9FEB18CFA4D89469FB7B2FF89300F108529E81AE7340DB70AD468B50
                                          Function 079C0040 Relevance: .1, Instructions: 93COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4653952371.00000000079C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_79c0000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1b1821656aa8ff74efb63724506b6aaeb689863fc6e9f612d867ded6f0893e97
                                          • Instruction ID: 1c715b9bd7402dbb92962092023db94f34030596c5388d8c24b07502d25cc2f7
                                          • Opcode Fuzzy Hash: 1b1821656aa8ff74efb63724506b6aaeb689863fc6e9f612d867ded6f0893e97
                                          • Instruction Fuzzy Hash: 83312FB4A01206CFEF20DB68DC80AAEB7B5FF85314F504529D509EB350EA35ED46CB92
                                          Function 0731DB08 Relevance: .1, Instructions: 93COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 32de527cb40f8826723f425a8cc715a6f3710a1e5ef368633bf1f8e31cb12f57
                                          • Instruction ID: 5c6c357d2a553b084f439ea629a9170e104cb78c8cac36471720b046ab46f3de
                                          • Opcode Fuzzy Hash: 32de527cb40f8826723f425a8cc715a6f3710a1e5ef368633bf1f8e31cb12f57
                                          • Instruction Fuzzy Hash: BF316A70A1071B9BEB29DF69D98069EB7B5FF45310F108929E506E7340DB70E946CB81
                                          Function 07312150 Relevance: .1, Instructions: 91COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a952560e975b6a3dfe3dd90cbc6ad8431b10792c79fd5b5a3473c3dbb4e897b1
                                          • Instruction ID: 206fc6d5cae855478f2a05edd6240bada1087af90f8c5793ead8d32e45dd21c7
                                          • Opcode Fuzzy Hash: a952560e975b6a3dfe3dd90cbc6ad8431b10792c79fd5b5a3473c3dbb4e897b1
                                          • Instruction Fuzzy Hash: 7E314B74F1020A9BEB18CFA5D89469FB7B2BF89300F108529E85AE7340DB70AC46CB51
                                          Function 07313C59 Relevance: .1, Instructions: 81COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cf0cc1280fb3463200da9cbfc08e9d2cd1956f7fd23f614ab20403360500ca2a
                                          • Instruction ID: a249866abe6bb647516940a9d4a9e4d21959a3bd6f3ff41d2fabe8504935e0ee
                                          • Opcode Fuzzy Hash: cf0cc1280fb3463200da9cbfc08e9d2cd1956f7fd23f614ab20403360500ca2a
                                          • Instruction Fuzzy Hash: BC218BB6A012569FDB04CFB8D840AADBBF1EF48310F148469E945E7350E734DD418B90
                                          Function 07313C68 Relevance: .1, Instructions: 78COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 01db318545732b7bc7106f479771b62234242bd56978a9f31307db807e83e22d
                                          • Instruction ID: 48a3344356ddf025ccbf549bb4576f8c62bf37af9952edc35ea161c75c278baf
                                          • Opcode Fuzzy Hash: 01db318545732b7bc7106f479771b62234242bd56978a9f31307db807e83e22d
                                          • Instruction Fuzzy Hash: 38217CB5B012559FEB14DF69D840AAEBBF5FB48310F108069E905E7350E735DD01CB90
                                          Function 018BD20C Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4616603388.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_18bd000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eab9dd0e8bf04b9c27cb587d144cbf3af47df889a76a6c39fc0ab21f5f2ab862
                                          • Instruction ID: cfecd0874606b8ebad4feeefc61e9a3bd90564210e54d9f62bb5e5de797327b9
                                          • Opcode Fuzzy Hash: eab9dd0e8bf04b9c27cb587d144cbf3af47df889a76a6c39fc0ab21f5f2ab862
                                          • Instruction Fuzzy Hash: A1210471504284EFDB01DF54D5C4B6ABB65FB84338F20C66DD9098B342C37AE546CA61
                                          Function 018BD044 Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4616603388.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_18bd000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b70b67f9939fa48ee652c1a5b7ffa9f08ece3e9f1c9f88b156d16e4256ef666
                                          • Instruction ID: 076f8a2bf709efb54d8a45b9511eecf593059db17f14aca0a89ff7603b09da4f
                                          • Opcode Fuzzy Hash: 0b70b67f9939fa48ee652c1a5b7ffa9f08ece3e9f1c9f88b156d16e4256ef666
                                          • Instruction Fuzzy Hash: EB210071504208EFDB11DF64C9C0B66BB61FB84318F20C66DE9098B342C73AD447CA61
                                          Function 018BD3BC Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4616603388.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_18bd000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 205d1cd7af02f7e3e672b8b4f679b2cef19e5c708f4b7293c5076e45b4020ad6
                                          • Instruction ID: aa4eb87c2d15b310f2b3e7ea84482f48ecd456d2ecd3f9ad7202d0f24ae7a018
                                          • Opcode Fuzzy Hash: 205d1cd7af02f7e3e672b8b4f679b2cef19e5c708f4b7293c5076e45b4020ad6
                                          • Instruction Fuzzy Hash: 5E213471600204EFDB05DF54D5C0BA6BB61FB8831CF20C66DD9098B393C37AE546CA61
                                          Function 07316A98 Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 56af869d69fecb33d35a6e24afc57d1bb7a0e1eec3d475d4bfb16a1b45ef27fa
                                          • Instruction ID: b1c2d131848ff3d33ad26f4e494d1abb34056a0f36143ce7d3582e906a9f8ea1
                                          • Opcode Fuzzy Hash: 56af869d69fecb33d35a6e24afc57d1bb7a0e1eec3d475d4bfb16a1b45ef27fa
                                          • Instruction Fuzzy Hash: 9D217271B01119DFEF18DAA9E9516AEB7B6EF84310F548469D40ADB380EA35ED418B80
                                          Function 073151CB Relevance: .1, Instructions: 67COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ea2acc5dc6ab97316f46c166d859129f489098aac5a2ae917ea026b51160e498
                                          • Instruction ID: ff0a2b6c31619e508e08cd4e9aad2205062b00ae87a704cf86fc57a7a308b4f1
                                          • Opcode Fuzzy Hash: ea2acc5dc6ab97316f46c166d859129f489098aac5a2ae917ea026b51160e498
                                          • Instruction Fuzzy Hash: B0216271A0070A9FEB24CFB9C884AAFFBF2FB94200F104929E159D7651D770A955CB90
                                          Function 07313D78 Relevance: .1, Instructions: 59COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3225f8845cbd48056c184510cb9089697db4d834b237793107b278d88cf68202
                                          • Instruction ID: 150dc5b791e6b9dfb494cb013e95acf74d90673a5c85542b76fef3c774c5d02c
                                          • Opcode Fuzzy Hash: 3225f8845cbd48056c184510cb9089697db4d834b237793107b278d88cf68202
                                          • Instruction Fuzzy Hash: AC11AD36B111299BEB189A69D8146AF77EAEBC8611F008539D40BE7344EE34DC028B90
                                          Function 07313FB0 Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 076242fafd2db292369c9e927e3337248cfc774ece908114ed0283cee63923b8
                                          • Instruction ID: c21361e33ad6cc9722a1ca756028fce95cf78338383d443c093f4f0436fecf48
                                          • Opcode Fuzzy Hash: 076242fafd2db292369c9e927e3337248cfc774ece908114ed0283cee63923b8
                                          • Instruction Fuzzy Hash: 6F01D4757011124FFF259A7D941476BB7E6EBC9710F14883AE14EC7781EE26ED024782
                                          Function 07313A30 Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 83466a5c1ebe7d69d0f928e229107aa6de352710ee250cd1d0efa9ddca81b583
                                          • Instruction ID: fad616f9b92ebf52a0271a6d97c0004d440efbb6176bf1f19b84ca95475173d8
                                          • Opcode Fuzzy Hash: 83466a5c1ebe7d69d0f928e229107aa6de352710ee250cd1d0efa9ddca81b583
                                          • Instruction Fuzzy Hash: 9421E0B5D0021AEFDB04CFAAD885ADEFBB4BB48310F10812AE518A7250D375A954CFA5
                                          Function 07313D68 Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 40211dbd7aa46831b0168356729def3471f4115cdf51e94133c643381cd04978
                                          • Instruction ID: e96ff81c9e6633d100fdeef3f7630c7f7ca12a8abe8383896e41d4a8974e25d0
                                          • Opcode Fuzzy Hash: 40211dbd7aa46831b0168356729def3471f4115cdf51e94133c643381cd04978
                                          • Instruction Fuzzy Hash: BD012436B011625BEB099639DC142FF3BEADFC9221F14047AC04ADB384EA218C02CBD1
                                          Function 07313218 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f0b723af7c2437ef34b51acda2f8dc706a0efbeee00f2afcab21011d883a4b51
                                          • Instruction ID: 34e56a6fb81914b8acc46e50204661fe2d6909222e31247ab8e3fecdcd17c5de
                                          • Opcode Fuzzy Hash: f0b723af7c2437ef34b51acda2f8dc706a0efbeee00f2afcab21011d883a4b51
                                          • Instruction Fuzzy Hash: 170184B1E002299BEF58EBB9D8505DEF7F6EB89310F1085AAD50AF7304DA31D941CB90
                                          Function 018BD207 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4616603388.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_18bd000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7446d2c010be365be41eb5dc0cb1b2bfcd5ded7fd4e3a0164d9a4b9e20566540
                                          • Instruction ID: ccd29ad7068966403f11360086daf43d2677019346c9279bebfe3d987ab60d98
                                          • Opcode Fuzzy Hash: 7446d2c010be365be41eb5dc0cb1b2bfcd5ded7fd4e3a0164d9a4b9e20566540
                                          • Instruction Fuzzy Hash: BB110D76404284DFCB12CF44C5C0B56BF61FB84328F24C2AADC084B742C33AE40ACBA2
                                          Function 018BD03F Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4616603388.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_18bd000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                          • Instruction ID: b923cdbd138909b3b3aa3e4445e756c224626cef6bbf02827fafa6fe0e775c64
                                          • Opcode Fuzzy Hash: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                          • Instruction Fuzzy Hash: F611A9755042849FCB12CF54C9C4B56BBA2FB84318F24C6A9D8498B356C33AD44ACB62
                                          Function 018BD3B7 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4616603388.00000000018BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_18bd000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                          • Instruction ID: 20c549bde2b45e5b81851200137940aa738fd0cea6a9a72802aac7c746319f05
                                          • Opcode Fuzzy Hash: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                          • Instruction Fuzzy Hash: EA11BB75504280DFCB02CF54D5C4B95BFA2FB84318F24C6AAD8498B357C33AE50ACBA1
                                          Function 07313A38 Relevance: .1, Instructions: 52COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 64f72813b2d522403ee93b4b14be377ca7643359b620c49a1c902c2c169b0b3b
                                          • Instruction ID: 97bafb49a6dfbc01419b55b6625e70096b8c16eb42ea086c93371fd2c54bccfe
                                          • Opcode Fuzzy Hash: 64f72813b2d522403ee93b4b14be377ca7643359b620c49a1c902c2c169b0b3b
                                          • Instruction Fuzzy Hash: AB11E2B5D01219AFDB00CF9AD884ACEFBB4FB48310F10812AE918B7340C374A954CFA5
                                          Function 0731A490 Relevance: .1, Instructions: 52COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 39035568aeab9335d421e986436a73bc99c0dd3a76120fc3abf286cc524b5964
                                          • Instruction ID: 034d84831ff03d4482a831f65cdd74d986e43a8403465320310a18d3c97a69d9
                                          • Opcode Fuzzy Hash: 39035568aeab9335d421e986436a73bc99c0dd3a76120fc3abf286cc524b5964
                                          • Instruction Fuzzy Hash: E401DFB57021524FEB2586BCD465B6B77E2EF89722F208439E08EC7380EE25DD428741
                                          Function 07313FC0 Relevance: .1, Instructions: 51COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9969baf835d2fc9ce06f2fdf07a1b90fbb43d2ff02a26524b5c6ad1bf947038b
                                          • Instruction ID: 7c6248e112f6dbb04890d791f26fb2645b534a90a6044b1d042bd5d1553b9ad8
                                          • Opcode Fuzzy Hash: 9969baf835d2fc9ce06f2fdf07a1b90fbb43d2ff02a26524b5c6ad1bf947038b
                                          • Instruction Fuzzy Hash: 510181757000120BFF68956E945572BB7EAEBC9710F148839F50EC7380ED67EC024392
                                          Function 0731EF38 Relevance: .0, Instructions: 49COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b4a4cdeef23d57f50fa9aad33f82f0d5d215ec88df82348a6232137ac86b088d
                                          • Instruction ID: 9d46e507ad89a7511cc91f4ce565fb5a0cb35530cbf5fd9c7135ebf6dbe07aaf
                                          • Opcode Fuzzy Hash: b4a4cdeef23d57f50fa9aad33f82f0d5d215ec88df82348a6232137ac86b088d
                                          • Instruction Fuzzy Hash: B2018C75B410124BFB29956D9454B2FA7D6DBC9A22F548429F90EC7380EE66ED024381
                                          Function 0731A4A0 Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 52771dfba4340376ffa76742feecca48630133d0fa22f782be61ffbb229ae5cb
                                          • Instruction ID: a5d0dfb0bd5c93beebf43dce2f749e7ae3de6d3473e01a6ed8e5ec881c5227f5
                                          • Opcode Fuzzy Hash: 52771dfba4340376ffa76742feecca48630133d0fa22f782be61ffbb229ae5cb
                                          • Instruction Fuzzy Hash: 750181707020624FFB28966CE464B2B73D5EB89726F10C439E18FC7340EE25ED028781
                                          Function 0731C968 Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d9f46b30608ce16cd4904578ebdc2c66d688bde17c20c527cf6baa40a8415ddb
                                          • Instruction ID: deed0599a71266a755ae26da860c81633c5f48d8fde718cae08134fc891ed072
                                          • Opcode Fuzzy Hash: d9f46b30608ce16cd4904578ebdc2c66d688bde17c20c527cf6baa40a8415ddb
                                          • Instruction Fuzzy Hash: D3012871B112299BEF28DA69E840A9EB775FF85350F004439E905E7340EB32EC04C791
                                          Function 079C0248 Relevance: .0, Instructions: 34COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4653952371.00000000079C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_79c0000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8df52e931ba84904f3c34f096438c0e1082da68af49091079549bd8aa7828b6d
                                          • Instruction ID: be09bdff2ef7e233579f041f5d81ec1745a150c248fcb8fc3a4434925485a6a4
                                          • Opcode Fuzzy Hash: 8df52e931ba84904f3c34f096438c0e1082da68af49091079549bd8aa7828b6d
                                          • Instruction Fuzzy Hash: 4DF0E7B4E0420ADFDB54DFA9D805AAEBFF8AB48210F108869D954E7241D77495418BA1
                                          Function 079C0258 Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4653952371.00000000079C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_79c0000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1f84f3c008471a1d2697c7800ac8e653221e10c2f7d60c7cf8444810f2898dc9
                                          • Instruction ID: 09201a84667b4d9126101fd3ec5afb9015bcc1245186f2d239d51130bb86113d
                                          • Opcode Fuzzy Hash: 1f84f3c008471a1d2697c7800ac8e653221e10c2f7d60c7cf8444810f2898dc9
                                          • Instruction Fuzzy Hash: 08F0DAB0D0420ADFEB54DFA9D842AAEBBF4AB48304F1089A9D918E7241E77495008B91
                                          Function 079C01F0 Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4653952371.00000000079C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_79c0000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1c4ef0e6cc9bffded5b5b9a8c45cb55225b7ae9f54f0cfacda6d9b349143e28b
                                          • Instruction ID: 0a68378379f5bb53e8e8c180ec3452afe5e2679550cf031fb41b003eaa97eec9
                                          • Opcode Fuzzy Hash: 1c4ef0e6cc9bffded5b5b9a8c45cb55225b7ae9f54f0cfacda6d9b349143e28b
                                          • Instruction Fuzzy Hash: BDF030B1D04619DFCB40DF7CC918A9ABFF4EB08614F2088A9D095D7611D770A6068B92
                                          Function 073161F8 Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9c1901a6ba22a2faacbba9ceb1d97894f98eef10ab7a58ffa81a6936e187e68f
                                          • Instruction ID: 17e6b21b433adcfe40c178c6bb36cceeeeae7450f5c7f6299329d9f0ea49a97d
                                          • Opcode Fuzzy Hash: 9c1901a6ba22a2faacbba9ceb1d97894f98eef10ab7a58ffa81a6936e187e68f
                                          • Instruction Fuzzy Hash: 0BE09BB190D38B9FEB118AF0D54629877689F06228F1882D6D859CB141D779C9578B42
                                          Function 07316208 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4651584072.0000000007310000.00000040.00000800.00020000.00000000.sdmp, Offset: 07310000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_7310000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ed75c29df3b40a01f2b47fcc3a74a953e4bc8c8e9f739aa756a572428812f8e7
                                          • Instruction ID: 86c020c6993fdbe48e505a062ee5739dace01b96c141476307f6c9af7f81137f
                                          • Opcode Fuzzy Hash: ed75c29df3b40a01f2b47fcc3a74a953e4bc8c8e9f739aa756a572428812f8e7
                                          • Instruction Fuzzy Hash: 1CE012B1E0510EEBEF24DEF4EA4675EB7ADD705214F2088E9D90DC7201EA76DA028781
                                          Function 079C0200 Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4653952371.00000000079C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_79c0000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 47f85bd566dfd1afbee094c37adef6fc6b2a1cdbb8ccf47d5869af02514262a0
                                          • Instruction ID: 89555d37ef08151a04eadb3d4632481906dc2521a19cce8dc49ff98fbde00cb9
                                          • Opcode Fuzzy Hash: 47f85bd566dfd1afbee094c37adef6fc6b2a1cdbb8ccf47d5869af02514262a0
                                          • Instruction Fuzzy Hash: 20E092B0D44209DFDB40EFA9C905A5EBBF4AB08314F1189A9D019E7211E7B496048F91
                                          Function 079C02F8 Relevance: .0, Instructions: 14COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.4653952371.00000000079C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_79c0000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3f76eb44f50a289956b79dd027d125dac539270a8b921045bc7b4d936dbb244e
                                          • Instruction ID: ad983130ae035004967cdefbf92b85d729d962a61df6506198779e8c41550a8f
                                          • Opcode Fuzzy Hash: 3f76eb44f50a289956b79dd027d125dac539270a8b921045bc7b4d936dbb244e
                                          • Instruction Fuzzy Hash: ABD01232100109DF9B40EB95FC44C5BB7DCBB64744B408023E548C7520E621E434E796

                                          Execution Graph

                                          Execution Coverage:8.9%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:43
                                          Total number of Limit Nodes:1
                                          execution_graph 15421 29c4668 15422 29c467a 15421->15422 15423 29c4686 15422->15423 15425 29c4779 15422->15425 15426 29c479d 15425->15426 15430 29c4888 15426->15430 15434 29c4878 15426->15434 15432 29c48af 15430->15432 15431 29c498c 15431->15431 15432->15431 15438 29c44b0 15432->15438 15436 29c4888 15434->15436 15435 29c498c 15435->15435 15436->15435 15437 29c44b0 CreateActCtxA 15436->15437 15437->15435 15439 29c5918 CreateActCtxA 15438->15439 15441 29c59cf 15439->15441 15442 29cacb0 15445 29cada8 15442->15445 15443 29cacbf 15446 29caddc 15445->15446 15447 29cadb9 15445->15447 15446->15443 15447->15446 15453 29cb030 15447->15453 15457 29cb040 15447->15457 15448 29cadd4 15448->15446 15449 29cafe0 GetModuleHandleW 15448->15449 15450 29cb00d 15449->15450 15450->15443 15454 29cb054 15453->15454 15455 29cb079 15454->15455 15461 29ca130 15454->15461 15455->15448 15458 29cb054 15457->15458 15459 29cb079 15458->15459 15460 29ca130 LoadLibraryExW 15458->15460 15459->15448 15460->15459 15462 29cb220 LoadLibraryExW 15461->15462 15464 29cb299 15462->15464 15464->15455 15465 29cd040 15466 29cd086 15465->15466 15470 29cd618 15466->15470 15473 29cd628 15466->15473 15467 29cd173 15476 29cd27c 15470->15476 15474 29cd656 15473->15474 15475 29cd27c DuplicateHandle 15473->15475 15474->15467 15475->15474 15477 29cd690 DuplicateHandle 15476->15477 15478 29cd656 15477->15478 15478->15467

                                          Executed Functions

                                          Function 029CADA8 Relevance: 1.7, APIs: 1, Instructions: 196COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 029CAFFE
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2368321640.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_29c0000_Logon32.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: 2712207440bda9fd394e1425d3ab31b37c21952521af01c6181b411d447871ab
                                          • Instruction ID: dd86028300e3353646dd3150774bbce125c4266d2c2a234469a4cb4160070854
                                          • Opcode Fuzzy Hash: 2712207440bda9fd394e1425d3ab31b37c21952521af01c6181b411d447871ab
                                          • Instruction Fuzzy Hash: 3E7135B0A00B098FE724DF29D44475ABBF5BF88344F108A2DD186D7A50DB75E849CF92
                                          Function 029C44B0 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 57 29c44b0-29c59d9 CreateActCtxA 60 29c59db-29c59e1 57->60 61 29c59e2-29c5a3c 57->61 60->61 68 29c5a3e-29c5a41 61->68 69 29c5a4b-29c5a4f 61->69 68->69 70 29c5a60-29c5a90 69->70 71 29c5a51-29c5a5d 69->71 75 29c5a42-29c5a4a 70->75 76 29c5a92-29c5b14 70->76 71->70 75->69 79 29c59cf-29c59d9 75->79 79->60 79->61
                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 029C59C9
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2368321640.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_29c0000_Logon32.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: df9a843ee9bcf2e34481a93a9342eb9221f9fe462c4a507483db74a738f6c6d7
                                          • Instruction ID: 00f038ac0b9bb1adc155ebf82cd41e48b6f748914554ed2d8619f75618f48d79
                                          • Opcode Fuzzy Hash: df9a843ee9bcf2e34481a93a9342eb9221f9fe462c4a507483db74a738f6c6d7
                                          • Instruction Fuzzy Hash: D141BF70C0071DCBDB24DFAAC884B9EBBB5BF49704F6081AAD408AB251DB756945CF91
                                          Function 029C590D Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 80 29c590d-29c5913 81 29c5918-29c59d9 CreateActCtxA 80->81 83 29c59db-29c59e1 81->83 84 29c59e2-29c5a3c 81->84 83->84 91 29c5a3e-29c5a41 84->91 92 29c5a4b-29c5a4f 84->92 91->92 93 29c5a60-29c5a90 92->93 94 29c5a51-29c5a5d 92->94 98 29c5a42-29c5a4a 93->98 99 29c5a92-29c5b14 93->99 94->93 98->92 102 29c59cf-29c59d9 98->102 102->83 102->84
                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 029C59C9
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2368321640.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_29c0000_Logon32.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: 1f21463d01f84332e2abeca4a9d4c58f43f4ee1ccaa5a1d62f0b20accebec86c
                                          • Instruction ID: b6eabf4cc484c922dc7f8602f1ae9988870dbde3b70e51ff23c08c7175f3b3c9
                                          • Opcode Fuzzy Hash: 1f21463d01f84332e2abeca4a9d4c58f43f4ee1ccaa5a1d62f0b20accebec86c
                                          • Instruction Fuzzy Hash: F141BFB1C0061DDBDB24CFAAC884BCEBBF5BF49704F60819AD408AB251DB756945CF91
                                          Function 029CD751 Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 103 29cd751-29cd758 104 29cd75a-29cd87e 103->104 105 29cd714-29cd724 DuplicateHandle 103->105 106 29cd72d-29cd74a 105->106 107 29cd726-29cd72c 105->107 107->106
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,029CD656,?,?,?,?,?), ref: 029CD717
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2368321640.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_29c0000_Logon32.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 5fe14c675f32090b2dbba00ca28dbaad018a787cded0b7f16c7b605dbd2c79d5
                                          • Instruction ID: e4d19e22fbbafe862905319685281754d69c6dbe7599f31f5706136184823b10
                                          • Opcode Fuzzy Hash: 5fe14c675f32090b2dbba00ca28dbaad018a787cded0b7f16c7b605dbd2c79d5
                                          • Instruction Fuzzy Hash: CC31C478A403818FEB009F60E489B793BA6F7C5358F568929E9618B7C9CB780956CF10
                                          Function 029CD27C Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 121 29cd27c-29cd724 DuplicateHandle 123 29cd72d-29cd74a 121->123 124 29cd726-29cd72c 121->124 124->123
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,029CD656,?,?,?,?,?), ref: 029CD717
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2368321640.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_29c0000_Logon32.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: edefd1ead35f1d31002f48bcca02d2b3f4d94a11e92c9745c35b0fdfb986431d
                                          • Instruction ID: 90682243390a2fd663ef47c34d393430941db1c6c5643c216bf5d5ae762eeda8
                                          • Opcode Fuzzy Hash: edefd1ead35f1d31002f48bcca02d2b3f4d94a11e92c9745c35b0fdfb986431d
                                          • Instruction Fuzzy Hash: E421E6B5D00349EFDB10CF9AD584ADEBBF8EB48310F14842AE918A7310D375A950CFA5
                                          Function 029CD689 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 127 29cd689-29cd724 DuplicateHandle 128 29cd72d-29cd74a 127->128 129 29cd726-29cd72c 127->129 129->128
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,029CD656,?,?,?,?,?), ref: 029CD717
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2368321640.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_29c0000_Logon32.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: bec6d0a9a89143c64e4bf5dc664ea95bdc324723b4cd69898b814b1ab0bff637
                                          • Instruction ID: 03bfdab013434d36ec4f1bcb22c30c8f7e73846ed18388b5b05c95c5e0f4c6a4
                                          • Opcode Fuzzy Hash: bec6d0a9a89143c64e4bf5dc664ea95bdc324723b4cd69898b814b1ab0bff637
                                          • Instruction Fuzzy Hash: C921E2B5D00249DFDB10CFA9D584ADEBBF4EB48324F24842AE918B7210C378A954CFA5
                                          Function 029CA130 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 132 29ca130-29cb260 134 29cb268-29cb297 LoadLibraryExW 132->134 135 29cb262-29cb265 132->135 136 29cb299-29cb29f 134->136 137 29cb2a0-29cb2bd 134->137 135->134 136->137
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,029CB079,00000800,00000000,00000000), ref: 029CB28A
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2368321640.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_29c0000_Logon32.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: 9e2b582f2a4494e39c86473d5bdb4a3464541acab4f928ec5604839753df5f00
                                          • Instruction ID: 6827c3dc660f40728a671ac3385eb8cb09f89e0ffcd5fce5c19285c22c46af99
                                          • Opcode Fuzzy Hash: 9e2b582f2a4494e39c86473d5bdb4a3464541acab4f928ec5604839753df5f00
                                          • Instruction Fuzzy Hash: BE1114B69003099FDB10CF9AD444BDEFBF8EB48314F10842ED519A7210C375A544CFA5
                                          Function 029CB218 Relevance: 1.6, APIs: 1, Instructions: 51libraryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 140 29cb218-29cb260 141 29cb268-29cb297 LoadLibraryExW 140->141 142 29cb262-29cb265 140->142 143 29cb299-29cb29f 141->143 144 29cb2a0-29cb2bd 141->144 142->141 143->144
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,029CB079,00000800,00000000,00000000), ref: 029CB28A
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2368321640.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_29c0000_Logon32.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: d6cd99142f24d3f3393eba97ba8d73af60c3fc2fe459986bdf027854d81cbd29
                                          • Instruction ID: c3445d130a16be337875164887136dec8e05a1a8a7cbd4fb998678881a196c79
                                          • Opcode Fuzzy Hash: d6cd99142f24d3f3393eba97ba8d73af60c3fc2fe459986bdf027854d81cbd29
                                          • Instruction Fuzzy Hash: 5B1112B69003498FDB10CFAAD585BDEFBF4AB48314F24842ED419A7210C379A545CFA5
                                          Function 029CAF98 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 147 29caf98-29cafd8 148 29cafda-29cafdd 147->148 149 29cafe0-29cb00b GetModuleHandleW 147->149 148->149 150 29cb00d-29cb013 149->150 151 29cb014-29cb028 149->151 150->151
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 029CAFFE
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2368321640.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_29c0000_Logon32.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: 357ccaaf05d5394824e24ba84256d4cd4749e6b8e7dc7235c0b0cbb793e8cf4b
                                          • Instruction ID: d57f2abb831227bcca4951effb0aaea933325da00765b63609127e22cfcfd76c
                                          • Opcode Fuzzy Hash: 357ccaaf05d5394824e24ba84256d4cd4749e6b8e7dc7235c0b0cbb793e8cf4b
                                          • Instruction Fuzzy Hash: 901113B5C003498FDB10CF9AD444BDEFBF8AF88224F20841AD429A7210C375A545CFA1
                                          Function 028ED68C Relevance: .1, Instructions: 77COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2367638041.00000000028ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 028ED000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_28ed000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4613c10e69fe3f4a2d61db4fd387291bc315881771c2b61febb859c9853ed1bd
                                          • Instruction ID: e5004105c96c572ed11cc71dbba89c4850895928d5433081b436ee7935b667f2
                                          • Opcode Fuzzy Hash: 4613c10e69fe3f4a2d61db4fd387291bc315881771c2b61febb859c9853ed1bd
                                          • Instruction Fuzzy Hash: A12127BA100244DFDF059F10D9C0B16BBAAFB88318F208658E90E4B256C336C45ACBA1
                                          Function 028ED1FC Relevance: .1, Instructions: 76COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2367638041.00000000028ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 028ED000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_28ed000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fc0e5a308cadd8d8fd7fdc1b096c61c6f4f94ce74b5ee29682c06b55742e0209
                                          • Instruction ID: eccec5ec471f078eecf6df1f9ac5eb23c3a957bed3c293f4ed89784d43d008b3
                                          • Opcode Fuzzy Hash: fc0e5a308cadd8d8fd7fdc1b096c61c6f4f94ce74b5ee29682c06b55742e0209
                                          • Instruction Fuzzy Hash: FB21257A504204DFDF05DF54D9C0B2ABB69FB89314F20C569ED0A8B246C376E45ACBA1
                                          Function 028ED4C4 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2367638041.00000000028ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 028ED000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_28ed000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7ee9291207f3d3e8fa4ef0f79d334545269d7876a8b23a82c046cc5f4a0ce4fa
                                          • Instruction ID: a2ef66fe6f7b6699b3df50e2071c7f118dc272d679fcffd333033cc14d04a730
                                          • Opcode Fuzzy Hash: 7ee9291207f3d3e8fa4ef0f79d334545269d7876a8b23a82c046cc5f4a0ce4fa
                                          • Instruction Fuzzy Hash: 8721257A504244DFDF05DF14D9C0B26BF69FB88318F20C56DE90A8B256C336D45ACBA1
                                          Function 028FD01C Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2367844177.00000000028FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 028FD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_28fd000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7a12424cc7149244bf35c4e65a47d8cec662b1eb263455af22a43b1738e5c79d
                                          • Instruction ID: e303e0a33ef896019b4f776292185345e2cf35d1fe9bb603dcd91122371158e1
                                          • Opcode Fuzzy Hash: 7a12424cc7149244bf35c4e65a47d8cec662b1eb263455af22a43b1738e5c79d
                                          • Instruction Fuzzy Hash: BB21F27D604204EFDB54DF14D984B16BB65EBC4318F20C56DEB0A8B696C33AD447CA61
                                          Function 028FD1D4 Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2367844177.00000000028FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 028FD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_28fd000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f63e01300d6cee5afcc2ffaa8bb0561983cc9672deaec514055f4dde21513e56
                                          • Instruction ID: 517ee0f55e8a9cb731e9e208cd2588de857a7b2443a91ca3e8c39d1db30211b3
                                          • Opcode Fuzzy Hash: f63e01300d6cee5afcc2ffaa8bb0561983cc9672deaec514055f4dde21513e56
                                          • Instruction Fuzzy Hash: F921077D504204EFDB45DF14D5C0B16BB65FB84318F20C56DDB098B252C376E446CAA1
                                          Function 028FD007 Relevance: .1, Instructions: 61COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2367844177.00000000028FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 028FD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_28fd000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 78f7643cf497d01f681256867ecf4938f2a93491071baa7f41e4c96b7ba96a4b
                                          • Instruction ID: 3f794c2cbbe5dc2ec22d81c1b36a7bb2ee0661b1905d6c50ee7cee42972a9f94
                                          • Opcode Fuzzy Hash: 78f7643cf497d01f681256867ecf4938f2a93491071baa7f41e4c96b7ba96a4b
                                          • Instruction Fuzzy Hash: B12184795093C08FCB16CF24D594715BF71EB86214F28C5EAD949CF6A7C33A940ACB62
                                          Function 028ED687 Relevance: .1, Instructions: 58COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2367638041.00000000028ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 028ED000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_28ed000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 448c806a5054ba187e4508f7a226a03bb761a6c68aed6e9adf4fb178f3854da0
                                          • Instruction ID: 978a18abb9020458b9a5dbf0339ce48ba6bbda3e3ae8bdec238edb348e433d34
                                          • Opcode Fuzzy Hash: 448c806a5054ba187e4508f7a226a03bb761a6c68aed6e9adf4fb178f3854da0
                                          • Instruction Fuzzy Hash: 43219D7A504284DFCF06CF50D9C4B1ABF72FB89318F2486A9DD494B256C33AD46ACB91
                                          Function 028ED1F7 Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2367638041.00000000028ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 028ED000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_28ed000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 97b80ae79017b4ed6bea6dd9b7a80ca74a39b088e4df1c4c2e3fdfc2e958b63e
                                          • Instruction ID: 4e8512faf1c78fdc48494fe363c15738cdcc70bc3cc56029e8d89b7a8d44b41a
                                          • Opcode Fuzzy Hash: 97b80ae79017b4ed6bea6dd9b7a80ca74a39b088e4df1c4c2e3fdfc2e958b63e
                                          • Instruction Fuzzy Hash: 70219D7A504244DFCF06CF50D9C4B56BF62FB85314F24C5A9DC094B656C33AE42ACBA1
                                          Function 028ED4BF Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2367638041.00000000028ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 028ED000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_28ed000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
                                          • Instruction ID: 1435f025464e1902bfd74f5c1900aedfd5bb2a31be95dcc8acf3691dd1ef52b2
                                          • Opcode Fuzzy Hash: 347ceff61f71c01d8d79cfdbd8358f6f0be4c31f492294fd5b1d002aa0560fbf
                                          • Instruction Fuzzy Hash: 0A11B17A504280CFCF15CF10D9C4B16BF71FB84318F24C6A9D84A4B656C33AD45ACBA1
                                          Function 028FD1CF Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000C.00000002.2367844177.00000000028FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 028FD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_12_2_28fd000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                          • Instruction ID: 8da99b0675c043315235d240c95856f687ffde15cb976afcfc5439b74643563d
                                          • Opcode Fuzzy Hash: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                          • Instruction Fuzzy Hash: F1118E79504244DFCB55CF10D5C4B15BB61FB84214F24C6AADA498B656C33AE44ACB91

                                          Execution Graph

                                          Execution Coverage:13.6%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:158
                                          Total number of Limit Nodes:22
                                          execution_graph 27657 1380848 27659 138084e 27657->27659 27658 138091b 27659->27658 27661 138139f 27659->27661 27663 13813a3 27661->27663 27662 1381500 27662->27659 27663->27662 27667 1389148 27663->27667 27672 1389022 27663->27672 27679 1389030 27663->27679 27668 1389152 27667->27668 27669 138916c 27668->27669 27686 704f7d8 27668->27686 27691 704f7c9 27668->27691 27669->27663 27673 1389046 27672->27673 27674 13890f7 27673->27674 27696 13895b8 27673->27696 27702 1389547 27673->27702 27709 138957f 27673->27709 27715 13895c8 27673->27715 27674->27663 27680 1389046 27679->27680 27681 13890f7 27680->27681 27682 13895b8 2 API calls 27680->27682 27683 13895c8 2 API calls 27680->27683 27684 138957f 2 API calls 27680->27684 27685 1389547 2 API calls 27680->27685 27681->27663 27682->27680 27683->27680 27684->27680 27685->27680 27687 704f7ed 27686->27687 27688 704fa02 27687->27688 27689 138ef38 GlobalMemoryStatusEx GlobalMemoryStatusEx 27687->27689 27690 138ef48 GlobalMemoryStatusEx GlobalMemoryStatusEx 27687->27690 27688->27669 27689->27687 27690->27687 27693 704f7ed 27691->27693 27692 704fa02 27692->27669 27693->27692 27694 138ef38 GlobalMemoryStatusEx GlobalMemoryStatusEx 27693->27694 27695 138ef48 GlobalMemoryStatusEx GlobalMemoryStatusEx 27693->27695 27694->27693 27695->27693 27697 13895d1 27696->27697 27698 1389d95 27697->27698 27721 138ae10 27697->27721 27726 138aeb3 27697->27726 27731 138ae00 27697->27731 27698->27673 27703 138954b 27702->27703 27704 13895bb 27702->27704 27703->27673 27705 1389d95 27704->27705 27706 138ae10 2 API calls 27704->27706 27707 138ae00 2 API calls 27704->27707 27708 138aeb3 2 API calls 27704->27708 27705->27673 27706->27704 27707->27704 27708->27704 27710 1389547 27709->27710 27711 138954b 27710->27711 27712 138ae10 2 API calls 27710->27712 27713 138ae00 2 API calls 27710->27713 27714 138aeb3 2 API calls 27710->27714 27711->27673 27712->27710 27713->27710 27714->27710 27716 13895d1 27715->27716 27717 1389d95 27716->27717 27718 138ae10 2 API calls 27716->27718 27719 138ae00 2 API calls 27716->27719 27720 138aeb3 2 API calls 27716->27720 27717->27673 27718->27716 27719->27716 27720->27716 27723 138ae2d 27721->27723 27722 138aec9 27723->27722 27736 138af10 27723->27736 27742 138af00 27723->27742 27728 138ae88 27726->27728 27727 138aec9 27728->27727 27729 138af10 2 API calls 27728->27729 27730 138af00 2 API calls 27728->27730 27729->27728 27730->27728 27733 138ae10 27731->27733 27732 138aec9 27733->27732 27734 138af10 2 API calls 27733->27734 27735 138af00 2 API calls 27733->27735 27734->27733 27735->27733 27737 138af2a 27736->27737 27738 138afea 27737->27738 27748 138b548 27737->27748 27763 138b4a7 27737->27763 27778 138b746 27737->27778 27743 138af10 27742->27743 27744 138afea 27743->27744 27745 138b548 2 API calls 27743->27745 27746 138b746 2 API calls 27743->27746 27747 138b4a7 2 API calls 27743->27747 27745->27743 27746->27743 27747->27743 27751 138b451 27748->27751 27749 138b775 27749->27737 27750 138b78a 27752 138b7cb 27750->27752 27757 138b548 2 API calls 27750->27757 27759 138b746 2 API calls 27750->27759 27760 138b4a7 2 API calls 27750->27760 27804 138b798 27750->27804 27751->27749 27751->27750 27753 138b548 GlobalMemoryStatusEx GlobalMemoryStatusEx 27751->27753 27754 138b798 GlobalMemoryStatusEx GlobalMemoryStatusEx 27751->27754 27755 138b746 GlobalMemoryStatusEx GlobalMemoryStatusEx 27751->27755 27756 138b4a7 GlobalMemoryStatusEx GlobalMemoryStatusEx 27751->27756 27793 138ef38 27751->27793 27798 138ef48 27751->27798 27752->27737 27753->27751 27754->27751 27755->27751 27756->27751 27757->27752 27759->27752 27760->27752 27764 138b451 27763->27764 27764->27763 27765 138b775 27764->27765 27766 138b78a 27764->27766 27768 138ef38 2 API calls 27764->27768 27769 138ef48 2 API calls 27764->27769 27770 138b548 GlobalMemoryStatusEx GlobalMemoryStatusEx 27764->27770 27771 138b798 GlobalMemoryStatusEx GlobalMemoryStatusEx 27764->27771 27772 138b746 GlobalMemoryStatusEx GlobalMemoryStatusEx 27764->27772 27773 138b4a7 GlobalMemoryStatusEx GlobalMemoryStatusEx 27764->27773 27765->27737 27767 138b7cb 27766->27767 27774 138b548 2 API calls 27766->27774 27775 138b798 2 API calls 27766->27775 27776 138b746 2 API calls 27766->27776 27777 138b4a7 2 API calls 27766->27777 27767->27737 27768->27764 27769->27764 27770->27764 27771->27764 27772->27764 27773->27764 27774->27767 27775->27767 27776->27767 27777->27767 27780 138b451 27778->27780 27779 138b775 27779->27737 27780->27779 27781 138b78a 27780->27781 27783 138ef38 2 API calls 27780->27783 27784 138ef48 2 API calls 27780->27784 27785 138b548 GlobalMemoryStatusEx GlobalMemoryStatusEx 27780->27785 27786 138b798 GlobalMemoryStatusEx GlobalMemoryStatusEx 27780->27786 27787 138b746 GlobalMemoryStatusEx GlobalMemoryStatusEx 27780->27787 27788 138b4a7 GlobalMemoryStatusEx GlobalMemoryStatusEx 27780->27788 27782 138b7cb 27781->27782 27789 138b548 2 API calls 27781->27789 27790 138b798 2 API calls 27781->27790 27791 138b746 2 API calls 27781->27791 27792 138b4a7 2 API calls 27781->27792 27782->27737 27783->27780 27784->27780 27785->27780 27786->27780 27787->27780 27788->27780 27789->27782 27790->27782 27791->27782 27792->27782 27794 138ef48 27793->27794 27795 138ef57 27794->27795 27811 138fa88 27794->27811 27795->27751 27799 138efb7 27798->27799 27800 138ef57 27798->27800 27801 138f0e9 27799->27801 27803 138fa88 2 API calls 27799->27803 27800->27751 27801->27751 27802 138f3e7 27802->27751 27803->27802 27805 138b7b4 27804->27805 27806 138b7cb 27805->27806 27807 138b548 2 API calls 27805->27807 27808 138b798 2 API calls 27805->27808 27809 138b746 2 API calls 27805->27809 27810 138b4a7 2 API calls 27805->27810 27806->27752 27807->27806 27808->27806 27809->27806 27810->27806 27815 138fac0 27811->27815 27821 138fab2 27811->27821 27812 138f3e7 27812->27751 27816 138facd 27815->27816 27817 138faf5 27815->27817 27816->27812 27827 138fb98 27817->27827 27830 138fb90 27817->27830 27818 138fb12 27818->27812 27822 138facd 27821->27822 27823 138faf5 27821->27823 27822->27812 27825 138fb98 GlobalMemoryStatusEx 27823->27825 27826 138fb90 GlobalMemoryStatusEx 27823->27826 27824 138fb12 27824->27812 27825->27824 27826->27824 27828 138fbde GlobalMemoryStatusEx 27827->27828 27829 138fc0e 27828->27829 27829->27818 27831 138fb99 GlobalMemoryStatusEx 27830->27831 27833 138fc0e 27831->27833 27833->27818 27834 659016f 27836 659017e 27834->27836 27837 659005c 27834->27837 27835 6590166 27837->27835 27838 704f7c9 GlobalMemoryStatusEx GlobalMemoryStatusEx 27837->27838 27839 704f7d8 GlobalMemoryStatusEx GlobalMemoryStatusEx 27837->27839 27838->27837 27839->27837 27840 1387f20 27841 1387f64 CheckRemoteDebuggerPresent 27840->27841 27842 1387fa6 27841->27842

                                          Executed Functions

                                          Function 07042418 Relevance: 1.5, Instructions: 1533COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 05d528f486f2eb7e262c3eadb690f53f622b5a916617933f380994a6fdb55e6e
                                          • Instruction ID: 09b11a44f2474726d343f6662e64f5f458cf9684d65636dff4d616dad8c8fc2d
                                          • Opcode Fuzzy Hash: 05d528f486f2eb7e262c3eadb690f53f622b5a916617933f380994a6fdb55e6e
                                          • Instruction Fuzzy Hash: 05E208B0A00216CFDB64DB68C584A9DB7F2FF89314F5486A9E409AB351DB35ED85CF80
                                          Function 07046378 Relevance: .8, Instructions: 819COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5d8dae49ac22f605ae3a8632ffba96d6277fc74e6bd1d361953ffb8500bec3fd
                                          • Instruction ID: 484557cefd6b6546bf59ff1d15575574ea10be6d54b662d6db79f634540e2445
                                          • Opcode Fuzzy Hash: 5d8dae49ac22f605ae3a8632ffba96d6277fc74e6bd1d361953ffb8500bec3fd
                                          • Instruction Fuzzy Hash: 42625FB5B002069FDB54DB68D584AADB7F2FF89314F148A79D406AB350EB36EC42CB50
                                          Function 0704B3C0 Relevance: .8, Instructions: 777COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9215b2bb87cce7e1ba113109b58ab6c7a676f5bcd5e44ab78309262f40396681
                                          • Instruction ID: e6625da0ed2b546cb0ecf82fc1268b331a12d71389df77d5667e9510058d4c1c
                                          • Opcode Fuzzy Hash: 9215b2bb87cce7e1ba113109b58ab6c7a676f5bcd5e44ab78309262f40396681
                                          • Instruction Fuzzy Hash: FD523FF0A0020A9FEB64DB68D4907ADB7F6FB85314F208679D415EB351DA39DC82CB91
                                          Function 0704C310 Relevance: .6, Instructions: 645COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2912 704c310-704c332 2913 704c334-704c337 2912->2913 2914 704c594-704c597 2913->2914 2915 704c33d-704c340 2913->2915 2916 704c57d-704c580 2914->2916 2917 704c599 2914->2917 2918 704c342-704c367 2915->2918 2919 704c36c-704c36f 2915->2919 2920 704c586-704c58a 2916->2920 2921 704c6aa-704c6dd 2916->2921 2924 704c59e-704c5a1 2917->2924 2918->2919 2922 704c390-704c393 2919->2922 2923 704c371-704c38b 2919->2923 2925 704c58f-704c592 2920->2925 2940 704c6df-704c6e2 2921->2940 2928 704c395-704c3ba 2922->2928 2929 704c3bf-704c3c2 2922->2929 2923->2922 2926 704c5a3-704c5a9 2924->2926 2927 704c5ae-704c5b1 2924->2927 2925->2914 2925->2924 2926->2927 2935 704c5c1-704c5c4 2927->2935 2936 704c5b3-704c5ba 2927->2936 2928->2929 2931 704c3c4-704c3d5 2929->2931 2932 704c3da-704c3dd 2929->2932 2931->2932 2938 704c3df-704c405 2932->2938 2939 704c40a-704c40d 2932->2939 2941 704c5c6-704c5c9 2935->2941 2944 704c5ce-704c5d1 2935->2944 2936->2941 2942 704c5bc 2936->2942 2938->2939 2948 704c42e-704c431 2939->2948 2949 704c40f-704c429 2939->2949 2946 704c6e4-704c6fd 2940->2946 2947 704c70e-704c711 2940->2947 2941->2944 2942->2935 2950 704c5f4-704c5f7 2944->2950 2951 704c5d3-704c5ef 2944->2951 3000 704c797-704c7a3 2946->3000 3001 704c703-704c70d 2946->3001 2958 704c713-704c71d 2947->2958 2959 704c71e-704c721 2947->2959 2952 704c433-704c435 2948->2952 2953 704c438-704c43b 2948->2953 2949->2948 2955 704c60d-704c610 2950->2955 2956 704c5f9-704c602 2950->2956 2951->2950 2952->2953 2962 704c45c-704c45f 2953->2962 2963 704c43d-704c457 2953->2963 2966 704c680-704c683 2955->2966 2967 704c612-704c67b 2955->2967 2964 704c55d-704c566 2956->2964 2965 704c608 2956->2965 2969 704c744-704c747 2959->2969 2970 704c723-704c73f 2959->2970 2974 704c461-704c487 2962->2974 2975 704c48c-704c48f 2962->2975 2963->2962 2964->2921 2977 704c56c-704c573 2964->2977 2965->2955 2978 704c685-704c688 2966->2978 2979 704c68d-704c68f 2966->2979 2967->2966 2972 704c767-704c76a 2969->2972 2973 704c749-704c762 2969->2973 2970->2969 2985 704c785-704c787 2972->2985 2986 704c76c-704c77a 2972->2986 2973->2972 2974->2975 2987 704c4b0-704c4b3 2975->2987 2988 704c491-704c4ab 2975->2988 2989 704c578-704c57b 2977->2989 2978->2979 2990 704c696-704c699 2979->2990 2991 704c691 2979->2991 2995 704c78e-704c791 2985->2995 2996 704c789 2985->2996 2986->2946 3013 704c780 2986->3013 2997 704c4b5-704c4d8 2987->2997 2998 704c4dd-704c4e0 2987->2998 2988->2987 2989->2916 2989->2925 2990->2913 3002 704c69f-704c6a9 2990->3002 2991->2990 2995->2940 2995->3000 2996->2995 2997->2998 3009 704c4f1-704c4f4 2998->3009 3010 704c4e2-704c4ec 2998->3010 3007 704c943-704c94d 3000->3007 3008 704c7a9-704c7b2 3000->3008 3014 704c94e-704c986 3008->3014 3015 704c7b8-704c7d8 3008->3015 3017 704c4f6-704c504 3009->3017 3018 704c50b-704c50e 3009->3018 3010->3009 3013->2985 3034 704c988-704c98b 3014->3034 3046 704c931-704c93d 3015->3046 3047 704c7de-704c7e7 3015->3047 3029 704c545-704c546 3017->3029 3030 704c506 3017->3030 3019 704c527-704c52a 3018->3019 3020 704c510-704c522 3018->3020 3019->2956 3024 704c530-704c533 3019->3024 3020->3019 3032 704c535-704c53b 3024->3032 3033 704c540-704c543 3024->3033 3036 704c54b-704c54e 3029->3036 3030->3018 3032->3033 3033->3029 3033->3036 3037 704c98d-704c9a9 3034->3037 3038 704c9ae-704c9b1 3034->3038 3041 704c550-704c555 3036->3041 3042 704c558-704c55b 3036->3042 3037->3038 3043 704c9b7-704c9c5 3038->3043 3044 704cb6b-704cb6d 3038->3044 3041->3042 3042->2964 3042->2989 3053 704c9cc-704c9ce 3043->3053 3049 704cb74-704cb77 3044->3049 3050 704cb6f 3044->3050 3046->3007 3046->3008 3047->3014 3051 704c7ed-704c81c call 7046328 3047->3051 3049->3034 3052 704cb7d-704cb86 3049->3052 3050->3049 3065 704c85e-704c874 3051->3065 3066 704c81e-704c856 3051->3066 3056 704c9e5-704ca0f 3053->3056 3057 704c9d0-704c9d3 3053->3057 3067 704ca15-704ca1e 3056->3067 3068 704cb60-704cb6a 3056->3068 3057->3052 3074 704c876-704c88a 3065->3074 3075 704c892-704c8a8 3065->3075 3066->3065 3069 704ca24-704cb31 call 7046328 3067->3069 3070 704cb39-704cb5e 3067->3070 3069->3067 3119 704cb37 3069->3119 3070->3052 3074->3075 3083 704c8c6-704c8d9 3075->3083 3084 704c8aa-704c8be 3075->3084 3091 704c8e7 3083->3091 3092 704c8db-704c8e5 3083->3092 3084->3083 3093 704c8ec-704c8ee 3091->3093 3092->3093 3095 704c8f0-704c8f5 3093->3095 3096 704c91f-704c92b 3093->3096 3097 704c8f7-704c901 3095->3097 3098 704c903 3095->3098 3096->3046 3096->3047 3099 704c908-704c90a 3097->3099 3098->3099 3099->3096 3101 704c90c-704c918 3099->3101 3101->3096 3119->3068
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 63684e130b8f561a901ec49d1a8fa21ab8ea7a86254478a4d4d234089440de79
                                          • Instruction ID: 11e37ce09c1268f0f13488d8137086c1b6372d18fa9a29c52b38ab2b3f60fcd2
                                          • Opcode Fuzzy Hash: 63684e130b8f561a901ec49d1a8fa21ab8ea7a86254478a4d4d234089440de79
                                          • Instruction Fuzzy Hash: 643242B4B011069FEB54DF68D994BAEB7B2FB88310F108639D505E7351DB39EC428BA1
                                          Function 07045358 Relevance: .6, Instructions: 592COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 3120 7045358-7045375 3121 7045377-704537a 3120->3121 3122 704537c-7045399 3121->3122 3123 704539e-70453a1 3121->3123 3122->3123 3124 70453a3-70453a5 3123->3124 3125 70453a8-70453ab 3123->3125 3124->3125 3126 70453c1-70453c4 3125->3126 3127 70453ad-70453bc 3125->3127 3129 70453c6-70453d3 3126->3129 3130 70453d8-70453db 3126->3130 3127->3126 3129->3130 3132 70453dd-70453e3 3130->3132 3133 70453ee-70453f1 3130->3133 3136 704548f-7045492 3132->3136 3137 70453e9 3132->3137 3138 70453f3-7045408 3133->3138 3139 704540d-7045410 3133->3139 3142 7045497-704549a 3136->3142 3137->3133 3138->3139 3140 7045412-7045418 3139->3140 3141 7045423-7045426 3139->3141 3143 704549c-70454a6 3140->3143 3144 704541e 3140->3144 3145 7045437-704543a 3141->3145 3146 7045428-704542c 3141->3146 3142->3143 3147 70454b4-70454b7 3142->3147 3154 70454ad-70454af 3143->3154 3144->3141 3145->3140 3151 704543c-704543f 3145->3151 3149 7045432 3146->3149 3150 704551e-704552b 3146->3150 3152 70454c5-70454c8 3147->3152 3153 70454b9-70454c0 3147->3153 3149->3145 3155 7045441-7045447 3151->3155 3156 7045452-7045455 3151->3156 3157 70454d4-70454d7 3152->3157 3158 70454ca-70454d3 3152->3158 3153->3152 3154->3147 3160 70454e2-70454e8 3155->3160 3161 704544d 3155->3161 3162 7045457-704545a 3156->3162 3163 704545f-7045462 3156->3163 3157->3155 3159 70454dd-70454e0 3157->3159 3159->3160 3164 704550c-704550e 3159->3164 3165 704552c-704555b 3160->3165 3166 70454ea-70454f2 3160->3166 3161->3156 3162->3163 3167 7045464-7045465 3163->3167 3168 704546a-704546d 3163->3168 3170 7045515-7045518 3164->3170 3171 7045510 3164->3171 3177 7045565-7045568 3165->3177 3166->3165 3169 70454f4-7045501 3166->3169 3167->3168 3172 704546f-7045485 3168->3172 3173 704548a-704548d 3168->3173 3169->3165 3174 7045503-7045507 3169->3174 3170->3121 3170->3150 3171->3170 3172->3173 3173->3136 3173->3142 3174->3164 3178 704558a-704558d 3177->3178 3179 704556a-704556e 3177->3179 3182 70455a1-70455a4 3178->3182 3183 704558f-7045596 3178->3183 3180 7045574-704557c 3179->3180 3181 7045656-7045693 3179->3181 3180->3181 3184 7045582-7045585 3180->3184 3195 7045695-7045698 3181->3195 3187 70455c6-70455c9 3182->3187 3188 70455a6-70455aa 3182->3188 3185 704559c 3183->3185 3186 704564e-7045655 3183->3186 3184->3178 3185->3182 3191 70455e1-70455e4 3187->3191 3192 70455cb-70455dc 3187->3192 3188->3181 3190 70455b0-70455b8 3188->3190 3190->3181 3196 70455be-70455c1 3190->3196 3193 70455e6-70455ea 3191->3193 3194 70455fe-7045601 3191->3194 3192->3191 3193->3181 3197 70455ec-70455f4 3193->3197 3198 7045612-7045615 3194->3198 3199 7045603-704560d 3194->3199 3200 704569e-704580a 3195->3200 3201 7045958-704595b 3195->3201 3196->3187 3197->3181 3203 70455f6-70455f9 3197->3203 3205 7045617-704561b 3198->3205 3206 704562f-7045632 3198->3206 3199->3198 3269 7045810-7045817 3200->3269 3270 7045942-7045955 3200->3270 3201->3200 3204 7045961-7045964 3201->3204 3203->3194 3207 7045966-7045978 3204->3207 3208 704597f-7045982 3204->3208 3205->3181 3211 704561d-7045625 3205->3211 3212 7045634-704563b 3206->3212 3213 704563c-704563e 3206->3213 3222 70459f1-70459f6 3207->3222 3223 704597a 3207->3223 3208->3200 3214 7045988-704598b 3208->3214 3211->3181 3215 7045627-704562a 3211->3215 3216 7045645-7045648 3213->3216 3217 7045640 3213->3217 3219 70459a3-70459a6 3214->3219 3220 704598d-70459a0 3214->3220 3215->3206 3216->3177 3216->3186 3217->3216 3224 70459c1-70459c4 3219->3224 3225 70459a8-70459ba 3219->3225 3228 70459f9-70459fc 3222->3228 3223->3208 3226 70459c6-70459d8 3224->3226 3227 70459df-70459e2 3224->3227 3225->3222 3236 70459bc 3225->3236 3226->3222 3243 70459da 3226->3243 3231 70459e4-70459e9 3227->3231 3232 70459ec-70459ef 3227->3232 3233 7045a03-7045a06 3228->3233 3234 70459fe-7045a00 3228->3234 3231->3232 3232->3222 3232->3228 3238 7045a21-7045a24 3233->3238 3239 7045a08-7045a1a 3233->3239 3234->3233 3236->3224 3241 7045a26-7045a38 3238->3241 3242 7045a43-7045a45 3238->3242 3239->3226 3248 7045a1c 3239->3248 3241->3220 3252 7045a3e 3241->3252 3244 7045a47 3242->3244 3245 7045a4c-7045a4f 3242->3245 3243->3227 3244->3245 3245->3195 3250 7045a55-7045a5e 3245->3250 3248->3238 3252->3242 3271 704581d-7045840 3269->3271 3272 70458ca-70458d1 3269->3272 3281 7045848-704584f 3271->3281 3272->3270 3274 70458d3-7045906 3272->3274 3285 7045908 3274->3285 3286 704590b-7045938 3274->3286 3283 7045854-7045895 3281->3283 3284 7045851 3281->3284 3294 7045897-70458a8 3283->3294 3295 70458ad-70458be 3283->3295 3284->3283 3285->3286 3286->3250 3294->3250 3295->3250
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c07601010a655fad654079326a6bc94b1c4f92efb20ba2330bfd0ac8dad9710a
                                          • Instruction ID: 0882148460a8e60126065ae5762aeaf1db80f816fdd646b797880beb92114d1b
                                          • Opcode Fuzzy Hash: c07601010a655fad654079326a6bc94b1c4f92efb20ba2330bfd0ac8dad9710a
                                          • Instruction Fuzzy Hash: 1112C1B1F002569BDB20DB64DC806AEBBF2EF85310F248579E859DB381DA74EC55CB90
                                          Function 07047B00 Relevance: .5, Instructions: 476COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f433d57420e5f873bbc44fd5b1a6a75e4f91bc48167c3944737d6ffb40d65e08
                                          • Instruction ID: 5b7c35d00b7901c3a9a40cb201a06954d08aceb6c4551daabfecee7a1c89a6cc
                                          • Opcode Fuzzy Hash: f433d57420e5f873bbc44fd5b1a6a75e4f91bc48167c3944737d6ffb40d65e08
                                          • Instruction Fuzzy Hash: 58028EB0B102169FDB54DB68D4946AEB7F2FF88314F148A79D406AB391DB35EC42CB90
                                          Function 01387F19 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 507 1387f19-1387fa4 CheckRemoteDebuggerPresent 510 1387fad-1387fe8 507->510 511 1387fa6-1387fac 507->511 511->510
                                          APIs
                                          • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 01387F97
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4615614937.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_1380000_Logon32.jbxd
                                          Similarity
                                          • API ID: CheckDebuggerPresentRemote
                                          • String ID:
                                          • API String ID: 3662101638-0
                                          • Opcode ID: 688dad6e627136543b6dcff42c840ad34e218ad3bb1fbdb5a39e1203b11820ab
                                          • Instruction ID: ab3a4c6a8542c07a986c3edc01afbde58577c9bf7214b46b68cc62a055a52d71
                                          • Opcode Fuzzy Hash: 688dad6e627136543b6dcff42c840ad34e218ad3bb1fbdb5a39e1203b11820ab
                                          • Instruction Fuzzy Hash: 502148B2800259CFDB10DF9AD484BEEFBF5EF49314F24841AE558A7250D778A944CF61
                                          Function 01387F20 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 514 1387f20-1387fa4 CheckRemoteDebuggerPresent 516 1387fad-1387fe8 514->516 517 1387fa6-1387fac 514->517 517->516
                                          APIs
                                          • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 01387F97
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4615614937.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_1380000_Logon32.jbxd
                                          Similarity
                                          • API ID: CheckDebuggerPresentRemote
                                          • String ID:
                                          • API String ID: 3662101638-0
                                          • Opcode ID: 7a9fb7f7fee8d64f533328ed5f1b7b8183bde219e7bd36607f7a93af13f90510
                                          • Instruction ID: 954f84165dc9e89c30301dee3395ddd9a14177fa70fcf379ae0310d0c024ec06
                                          • Opcode Fuzzy Hash: 7a9fb7f7fee8d64f533328ed5f1b7b8183bde219e7bd36607f7a93af13f90510
                                          • Instruction Fuzzy Hash: 672157B1800259CFDB10DF9AD884BEEFBF5AF48324F24841AE458A7250C778A944CF61
                                          Function 0138FB90 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 520 138fb90-138fc0c GlobalMemoryStatusEx 523 138fc0e-138fc14 520->523 524 138fc15-138fc3d 520->524 523->524
                                          APIs
                                          • GlobalMemoryStatusEx.KERNELBASE ref: 0138FBFF
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4615614937.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_1380000_Logon32.jbxd
                                          Similarity
                                          • API ID: GlobalMemoryStatus
                                          • String ID:
                                          • API String ID: 1890195054-0
                                          • Opcode ID: b8ae50ed576b1d835a606747107b34a823965ee21bbc424b10fae76fd4bd240d
                                          • Instruction ID: 94d0e879bb07d0dd4ae6b554f08c309240d95f48cfe85a54db79cf02e9f421cb
                                          • Opcode Fuzzy Hash: b8ae50ed576b1d835a606747107b34a823965ee21bbc424b10fae76fd4bd240d
                                          • Instruction Fuzzy Hash: 491144B1C0066A9FDB10DF9AC544BDEFBB4AF48324F10812AD918A7240D378A944CFE5
                                          Function 0138FB98 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 527 138fb98-138fc0c GlobalMemoryStatusEx 529 138fc0e-138fc14 527->529 530 138fc15-138fc3d 527->530 529->530
                                          APIs
                                          • GlobalMemoryStatusEx.KERNELBASE ref: 0138FBFF
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4615614937.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_1380000_Logon32.jbxd
                                          Similarity
                                          • API ID: GlobalMemoryStatus
                                          • String ID:
                                          • API String ID: 1890195054-0
                                          • Opcode ID: d2d4ec7a098afaa35aff6bffc0e0d57564f4e244200719ec6f673cb60167d46a
                                          • Instruction ID: e288f6558d3565f50e85533694d2db9d2500cd51717a1e7817c573e1823c35ca
                                          • Opcode Fuzzy Hash: d2d4ec7a098afaa35aff6bffc0e0d57564f4e244200719ec6f673cb60167d46a
                                          • Instruction Fuzzy Hash: 581123B1C0065A9FDB10DF9AC444BDEFBF4AF48324F14812AD918A7241D378A954CFA5
                                          Function 0704D0D0 Relevance: .8, Instructions: 801COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2367 704d0d0-704d0eb 2368 704d0ed-704d0f0 2367->2368 2369 704d0f2-704d101 2368->2369 2370 704d139-704d13c 2368->2370 2373 704d110-704d11c 2369->2373 2374 704d103-704d108 2369->2374 2371 704d185-704d188 2370->2371 2372 704d13e-704d180 2370->2372 2375 704d1d1-704d1d4 2371->2375 2376 704d18a-704d1cc 2371->2376 2372->2371 2377 704d122-704d134 2373->2377 2378 704daed-704db26 2373->2378 2374->2373 2380 704d1d6-704d1ec 2375->2380 2381 704d1f1-704d1f4 2375->2381 2376->2375 2377->2370 2391 704db28-704db2b 2378->2391 2380->2381 2383 704d1f6-704d238 2381->2383 2384 704d23d-704d240 2381->2384 2383->2384 2389 704d242-704d284 2384->2389 2390 704d289-704d28c 2384->2390 2389->2390 2394 704d2d5-704d2d8 2390->2394 2395 704d28e-704d29d 2390->2395 2396 704db2d-704db49 2391->2396 2397 704db4e-704db51 2391->2397 2405 704d321-704d324 2394->2405 2406 704d2da-704d31c 2394->2406 2401 704d2ac-704d2b8 2395->2401 2402 704d29f-704d2a4 2395->2402 2396->2397 2398 704db84-704db87 2397->2398 2399 704db53-704db7f 2397->2399 2410 704db96-704db98 2398->2410 2411 704db89 2398->2411 2399->2398 2401->2378 2412 704d2be-704d2d0 2401->2412 2402->2401 2413 704d326-704d368 2405->2413 2414 704d36d-704d370 2405->2414 2406->2405 2419 704db9f-704dba2 2410->2419 2420 704db9a 2410->2420 2627 704db89 call 704dc45 2411->2627 2628 704db89 call 704dc58 2411->2628 2412->2394 2413->2414 2416 704d372-704d3b4 2414->2416 2417 704d3b9-704d3bc 2414->2417 2416->2417 2422 704d3be-704d3c0 2417->2422 2423 704d3cb-704d3ce 2417->2423 2419->2391 2428 704dba4-704dbb3 2419->2428 2420->2419 2432 704d3c6 2422->2432 2433 704d477-704d480 2422->2433 2434 704d3d4-704d3d7 2423->2434 2435 704d5bc-704d5c8 2423->2435 2426 704db8f-704db91 2426->2410 2453 704dbb5-704dc18 call 7046328 2428->2453 2454 704dc1a-704dc2f 2428->2454 2432->2423 2439 704d482-704d487 2433->2439 2440 704d48f-704d49b 2433->2440 2441 704d3d9-704d3f5 2434->2441 2442 704d3fa-704d3fd 2434->2442 2435->2369 2444 704d5ce-704d8bb 2435->2444 2439->2440 2448 704d4a1-704d4b5 2440->2448 2449 704d5ac-704d5b1 2440->2449 2441->2442 2451 704d40c-704d40f 2442->2451 2452 704d3ff-704d401 2442->2452 2580 704d8c1-704d8c7 2444->2580 2581 704dae2-704daec 2444->2581 2462 704d5b9 2448->2462 2475 704d4bb-704d4cd 2448->2475 2449->2462 2463 704d411-704d453 2451->2463 2464 704d458-704d45b 2451->2464 2461 704d407 2452->2461 2452->2462 2453->2454 2474 704dc30 2454->2474 2461->2451 2462->2435 2463->2464 2470 704d465-704d467 2464->2470 2471 704d45d-704d462 2464->2471 2481 704d46e-704d471 2470->2481 2482 704d469 2470->2482 2471->2470 2474->2474 2491 704d4f1-704d4f3 2475->2491 2492 704d4cf-704d4d5 2475->2492 2481->2368 2481->2433 2482->2481 2494 704d4fd-704d509 2491->2494 2495 704d4d7 2492->2495 2496 704d4d9-704d4e5 2492->2496 2506 704d517 2494->2506 2507 704d50b-704d515 2494->2507 2499 704d4e7-704d4ef 2495->2499 2496->2499 2499->2494 2509 704d51c-704d51e 2506->2509 2507->2509 2509->2462 2512 704d524-704d540 call 7046328 2509->2512 2521 704d542-704d547 2512->2521 2522 704d54f-704d55b 2512->2522 2521->2522 2522->2449 2524 704d55d-704d5aa 2522->2524 2524->2462 2582 704d8d6-704d8df 2580->2582 2583 704d8c9-704d8ce 2580->2583 2582->2378 2584 704d8e5-704d8f8 2582->2584 2583->2582 2586 704dad2-704dadc 2584->2586 2587 704d8fe-704d904 2584->2587 2586->2580 2586->2581 2588 704d906-704d90b 2587->2588 2589 704d913-704d91c 2587->2589 2588->2589 2589->2378 2590 704d922-704d943 2589->2590 2593 704d945-704d94a 2590->2593 2594 704d952-704d95b 2590->2594 2593->2594 2594->2378 2595 704d961-704d97e 2594->2595 2595->2586 2598 704d984-704d98a 2595->2598 2598->2378 2599 704d990-704d9a9 2598->2599 2601 704dac5-704dacc 2599->2601 2602 704d9af-704d9d6 2599->2602 2601->2586 2601->2598 2602->2378 2605 704d9dc-704d9e6 2602->2605 2605->2378 2606 704d9ec-704da03 2605->2606 2608 704da05-704da10 2606->2608 2609 704da12-704da2d 2606->2609 2608->2609 2609->2601 2614 704da33-704da4c call 7046328 2609->2614 2618 704da4e-704da53 2614->2618 2619 704da5b-704da64 2614->2619 2618->2619 2619->2378 2620 704da6a-704dabe 2619->2620 2620->2601 2627->2426 2628->2426
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: adafb1007649be49570513203d900cbbd572d8c40577d38afe21d648e02b9164
                                          • Instruction ID: 3730b6da540e66f001aaa48b3311c83d2c1cb08c617e13e2f4eb65949d49e368
                                          • Opcode Fuzzy Hash: adafb1007649be49570513203d900cbbd572d8c40577d38afe21d648e02b9164
                                          • Instruction Fuzzy Hash: 3162F8B070020B8FDB15EF68D590A5EB7B2FF85314F208A69D1169B355DB79EC86CB80
                                          Function 0704AE58 Relevance: .4, Instructions: 394COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f7ce7ba52defd381baf74c35dd71c3841e23dc98d7034e462ece4adda4f9ba12
                                          • Instruction ID: e18e734345bdb77f914a4f9276cbc29d14d60d93a88505b51ed9779682b133fc
                                          • Opcode Fuzzy Hash: f7ce7ba52defd381baf74c35dd71c3841e23dc98d7034e462ece4adda4f9ba12
                                          • Instruction Fuzzy Hash: E3E15DF0A1020A8FDB15DF69D4946AEB7F2FF89304F208639D416AB345DB75EC468B90
                                          Function 07046369 Relevance: .3, Instructions: 317COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eb8f84c375e47c5b3dd6607f3e8c7d757d4a38cc378f844bad4608db3ad2fa71
                                          • Instruction ID: 2aac816c44f10357b5e2c77400f4aeb8c29c6cc586e68670477d4b9d64cf25c0
                                          • Opcode Fuzzy Hash: eb8f84c375e47c5b3dd6607f3e8c7d757d4a38cc378f844bad4608db3ad2fa71
                                          • Instruction Fuzzy Hash: B7C110B4A001069FDB54DB68D584AADB7F2FB8A310F148A75E806E7354EB36ED42CB50
                                          Function 0704B3AF Relevance: .3, Instructions: 294COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 28a599643e0991228a87e51fb93a96bca7f75787a55170939d19564c26892735
                                          • Instruction ID: 7086b4c4cd6772b64541ee4ff246a08188d61fd928d672dfd1832481231799a0
                                          • Opcode Fuzzy Hash: 28a599643e0991228a87e51fb93a96bca7f75787a55170939d19564c26892735
                                          • Instruction Fuzzy Hash: 9BA163F4B0010A9BEF64DA6CD4907AEB7F6FB89310F604935E405E7395DA39DC828B61
                                          Function 07048BB0 Relevance: .3, Instructions: 262COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3bc6978030e5d20ccf9f5ec2e6c57c531920cf90134bacd09dc8f2e0f7859bd2
                                          • Instruction ID: 21b37954f71169bd65e14a68d53416994c0e960f62737149d86124ad350144d4
                                          • Opcode Fuzzy Hash: 3bc6978030e5d20ccf9f5ec2e6c57c531920cf90134bacd09dc8f2e0f7859bd2
                                          • Instruction Fuzzy Hash: 30A11B70B012168FDB54DF74D8907AEB7F2FB89300F1089B9D40AAB391DA35DD868B91
                                          Function 070492D8 Relevance: .2, Instructions: 231COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3be07afcd7bc774cab152ea96be06207f0fa4a5128fb457838a6bb1478540b6f
                                          • Instruction ID: e3d0b4550417f6934046bdf1a8854046615df22d2814476324cecd7821b8e510
                                          • Opcode Fuzzy Hash: 3be07afcd7bc774cab152ea96be06207f0fa4a5128fb457838a6bb1478540b6f
                                          • Instruction Fuzzy Hash: 98912DB4B1011A8FDB54DF65D8507AEB7F6EF89300F108979C80AEB344EA75ED428B91
                                          Function 07045F78 Relevance: .2, Instructions: 229COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f104488703bcb43457fb08feb71266194ca25822c16b3a0a95e489147ac3bcae
                                          • Instruction ID: eb94b4b8d8b47a16d68e3e0beafd7beb5264c76533e514f64e6f3956e68207e9
                                          • Opcode Fuzzy Hash: f104488703bcb43457fb08feb71266194ca25822c16b3a0a95e489147ac3bcae
                                          • Instruction Fuzzy Hash: B661A5B1F001224BDF549A7DCC84A6FFAD7AFC5210B15453AE80ADB3A0DE66DD0287D5
                                          Function 07044370 Relevance: .2, Instructions: 224COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b3700ee86e14979943d46ad878dc5a98e41426a43cfde4f569c921f77b608970
                                          • Instruction ID: 37aff2bf956b2218435a8715cfa0daf03b0d9673a8c5c0a56383d952438c0178
                                          • Opcode Fuzzy Hash: b3700ee86e14979943d46ad878dc5a98e41426a43cfde4f569c921f77b608970
                                          • Instruction Fuzzy Hash: 3B913E70E0065A8FDF60DF68C840B9DB7B1FF89310F2086A9E549AB255DB70AD85CF91
                                          Function 07044051 Relevance: .2, Instructions: 222COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ec48dd79814e7a3be15cf29b8b3b5b9e10514d5b88180939d79844235f4adcbf
                                          • Instruction ID: 209129c4e42816af16a591bd77939410c22f6baf39529bc9b0010a6c28ab4207
                                          • Opcode Fuzzy Hash: ec48dd79814e7a3be15cf29b8b3b5b9e10514d5b88180939d79844235f4adcbf
                                          • Instruction Fuzzy Hash: 9A813EB4B012468BDB54DFA8D55476EB7F2EF88300F208539E40AEB354EA75DD428B91
                                          Function 07044060 Relevance: .2, Instructions: 218COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 662a3d9a4b4c390f14bb0305385d4418dba255cecafa230979d9efb07ea0c29a
                                          • Instruction ID: 8b985088d6674c5ce628b373a9681fa2dd214902c804bfe2db3ddd9995cf6bab
                                          • Opcode Fuzzy Hash: 662a3d9a4b4c390f14bb0305385d4418dba255cecafa230979d9efb07ea0c29a
                                          • Instruction Fuzzy Hash: E8813DB4B012468BDF54DFA8D55476EB7F2EF88300F208539E40AEB354EA75ED428B91
                                          Function 07044388 Relevance: .2, Instructions: 210COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 03bd09d9391fd178efe373820080e377d9a6b7d88c7c5e27bfa06f135ded008f
                                          • Instruction ID: 41692c36d938254e37b116b945db691a848de424315554d9a851297ea42230f5
                                          • Opcode Fuzzy Hash: 03bd09d9391fd178efe373820080e377d9a6b7d88c7c5e27bfa06f135ded008f
                                          • Instruction Fuzzy Hash: 9E913F70E0065A8BDF60DF68C840B9DB7B1FF89314F2086A9E549AB345DB70AD85CF91
                                          Function 0704ECA7 Relevance: .2, Instructions: 206COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1bd772b18ad71c4397df3414f151448eb52301fa75d8a7f734c7cc4e8237081c
                                          • Instruction ID: de887bf038d47dc028c32cffc99d84d8534265b328d3b278e615d8e61082e082
                                          • Opcode Fuzzy Hash: 1bd772b18ad71c4397df3414f151448eb52301fa75d8a7f734c7cc4e8237081c
                                          • Instruction Fuzzy Hash: 9D711DB1A0024A9FDB14DFA9D990A9DBBF6FF88304F148539D405EB355DB34EC468B50
                                          Function 0704ECB8 Relevance: .2, Instructions: 201COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3b3825f7ba42c8df752f8cd1e8590e5d4d27cd8dab82293500c61d24ca9be7eb
                                          • Instruction ID: adb63c8b139628a98b0daa00ec066b95611a6e7dc93e982ebb03f14e2e8adc6e
                                          • Opcode Fuzzy Hash: 3b3825f7ba42c8df752f8cd1e8590e5d4d27cd8dab82293500c61d24ca9be7eb
                                          • Instruction Fuzzy Hash: 12710CB0A0024A9FDB14DFA9D990AADBBF6FF88304F148539D405EB354DB34EC468B50
                                          Function 07044920 Relevance: .2, Instructions: 186COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b91341aa03d24581a2e750731af2daffc29cd5bba620620981b86fd97d084336
                                          • Instruction ID: 2449fa08e7993e12a195dd8010200de9b46401f9534f820b70978bb9560b2e29
                                          • Opcode Fuzzy Hash: b91341aa03d24581a2e750731af2daffc29cd5bba620620981b86fd97d084336
                                          • Instruction Fuzzy Hash: AE618371B002199FEF549BA8C8547AEBBF6FF88300F208529E106EB395DF755C418B90
                                          Function 0704F7C9 Relevance: .2, Instructions: 170COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 79e37c24aaf2b2e00cb70ec773e2293d21799a55f011457511c806061cc937f8
                                          • Instruction ID: 27bd854062d56e41b4ba7e95da763dd6f1ff9ee3a81e345ef4e8855ce47240b9
                                          • Opcode Fuzzy Hash: 79e37c24aaf2b2e00cb70ec773e2293d21799a55f011457511c806061cc937f8
                                          • Instruction Fuzzy Hash: 0D518FF47001179FEF605A7CD85476F3AAAE789310F24453AE50AE7392DD2CDC8187A2
                                          Function 070492C8 Relevance: .2, Instructions: 167COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: be0dcd3b4e5719e97e4d23200aed223bd692fbaf119f53b1c765132c71ad0f93
                                          • Instruction ID: 23390174c778c4dc95cbc7ebc1f5ea8a2e3e59c2728728c5cb7be0c9b175ea96
                                          • Opcode Fuzzy Hash: be0dcd3b4e5719e97e4d23200aed223bd692fbaf119f53b1c765132c71ad0f93
                                          • Instruction Fuzzy Hash: 3F513DB0B111069BDB54DF78D950B6E73F6EB88300F148979D80AE7384EA39EC428B91
                                          Function 0704F7D8 Relevance: .2, Instructions: 163COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 818026aaf4184ccb72519d4a23cd8eb093ae8e8e4002ba4e1b7f92e94f01d6cf
                                          • Instruction ID: 118784f1b160f98473b9c29d0d64a35517136a5dcb1bf869bb088c676d290f2f
                                          • Opcode Fuzzy Hash: 818026aaf4184ccb72519d4a23cd8eb093ae8e8e4002ba4e1b7f92e94f01d6cf
                                          • Instruction Fuzzy Hash: 67516EF47101179BFF645A6CD85472E369AE789310F24453AE20AE73D1DD6CEC8187A2
                                          Function 07044910 Relevance: .1, Instructions: 143COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c23960d29032a152373a8f173b705391d9043d2eb545b2b78f4825a5ebc164f4
                                          • Instruction ID: 7e913b8e9de0d310cd503cab0820e96d2bd1bb57bf7ec14d939a2995ef122464
                                          • Opcode Fuzzy Hash: c23960d29032a152373a8f173b705391d9043d2eb545b2b78f4825a5ebc164f4
                                          • Instruction Fuzzy Hash: 5F518271B102599FEB149FA9C854BAEBAF6FF88300F20C529E105EB395DE759C018B90
                                          Function 07045349 Relevance: .1, Instructions: 132COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 71be5e0bcafed493d052329cec92f98fbcfb492fd30a59fa97ef3ba78215d4be
                                          • Instruction ID: 4c3282f9e135f11233a4d0f1906d13bf471e18da6016702cdcdd475d2c101bd3
                                          • Opcode Fuzzy Hash: 71be5e0bcafed493d052329cec92f98fbcfb492fd30a59fa97ef3ba78215d4be
                                          • Instruction Fuzzy Hash: 684193F4A002069FDF709AA8C88077EB7F2FB85315F304A3AE156DB681C6B4D851CB91
                                          Function 070451D8 Relevance: .1, Instructions: 126COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7c5920e7bdc82e779dc96d176e0e70bf1ba4e4c45881dfb0d07e64fe5fc6563a
                                          • Instruction ID: 732bd9029e7d4b3ab5b6a352e5128253cb1cd1cfeff8d5c24855fbb1f4d6efda
                                          • Opcode Fuzzy Hash: 7c5920e7bdc82e779dc96d176e0e70bf1ba4e4c45881dfb0d07e64fe5fc6563a
                                          • Instruction Fuzzy Hash: 13414FB1A0060A9FDF70CEA9DD80AAFF7F2FB85210F104A3AE116D7650D370A9558B91
                                          Function 06590006 Relevance: .1, Instructions: 125COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4647891899.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_6590000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 91074a393ce57a871b361771d691ca1f88aa9d0d28faef9d7764643b150f53c6
                                          • Instruction ID: 46e3a9794f877f8a489a36a17dbdf2123d78fb31ece049b1d0b4935f0e7fa9c8
                                          • Opcode Fuzzy Hash: 91074a393ce57a871b361771d691ca1f88aa9d0d28faef9d7764643b150f53c6
                                          • Instruction Fuzzy Hash: 5B41D670A052568FDB12DF78DC40AAF7BB1FF46210B1445AEE045EB352DA38AD06CBA1
                                          Function 0704DC58 Relevance: .1, Instructions: 117COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 089d9e8618e5636e141b0eabcd47d942acdcd97554ea0cfaef24dace3ee7e531
                                          • Instruction ID: 052cd5f990b7145fcda6bd4bda805b023e67364b895d50c480e5371d727f1c2c
                                          • Opcode Fuzzy Hash: 089d9e8618e5636e141b0eabcd47d942acdcd97554ea0cfaef24dace3ee7e531
                                          • Instruction Fuzzy Hash: 66415EB0B0020A9BDF64DF65D45469EBBB2FF85304F208A39E516EB340DB74E842CB91
                                          Function 0704DC45 Relevance: .1, Instructions: 116COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5852775199f1040683f2fca93ef16aff730d00742ad0da7e3be5be7e8f5ab92b
                                          • Instruction ID: 7eef574d688f892fc5f49a6f03a49e3d476524b9ce65e6357119e30d46c7196d
                                          • Opcode Fuzzy Hash: 5852775199f1040683f2fca93ef16aff730d00742ad0da7e3be5be7e8f5ab92b
                                          • Instruction Fuzzy Hash: 78418EB0B002069BDF25DF75D45069EBBB2FF85300F104639E915E7240DB74E846CB90
                                          Function 0704227D Relevance: .1, Instructions: 108COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d246a0e56265ec6b2b8b277ef27f9cbd5b861898032cc6ad43bc3992dbc4b6f5
                                          • Instruction ID: 538cbaaa7e53b3eb3d2bf15f93d632a0f15df25cc877bcc616a07761ba88fae8
                                          • Opcode Fuzzy Hash: d246a0e56265ec6b2b8b277ef27f9cbd5b861898032cc6ad43bc3992dbc4b6f5
                                          • Instruction Fuzzy Hash: FD31CDB1B002069FDB58AB34D5546AE7BF7FB89600F244978E402DB381DE39DC42CBA0
                                          Function 07042290 Relevance: .1, Instructions: 105COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f8a25facf13fe517619d03fa2290500230ff51de0c6862c883ab9b2bb742fd87
                                          • Instruction ID: 6afbb520b15155089c326e48de3871d5686e2f0ac7f653ea03d90d78813fa5cf
                                          • Opcode Fuzzy Hash: f8a25facf13fe517619d03fa2290500230ff51de0c6862c883ab9b2bb742fd87
                                          • Instruction Fuzzy Hash: 1D31ADB0B002069FDB58AF75D5546AF7AE7FF89600F208978E502DB384DE39DC428B90
                                          Function 0704DAF8 Relevance: .1, Instructions: 101COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4018079e716ce53f5b18e57f92ff7a14932b794301e95275207a210a83c1d580
                                          • Instruction ID: bc2b7a03b02e0350cfacde4b2f6111456b005e820412a9da3a433b9d22045d85
                                          • Opcode Fuzzy Hash: 4018079e716ce53f5b18e57f92ff7a14932b794301e95275207a210a83c1d580
                                          • Instruction Fuzzy Hash: 0331ACB5A0060BDBDB15DF68C99069EBBB1FF45310F104A69E505EB340DB74E8468B80
                                          Function 07042140 Relevance: .1, Instructions: 94COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c76edbf63e82efc82e8c88cb5f4dfa3da6af168c97f023e689e3385bbeef1522
                                          • Instruction ID: 2dde74bb0e820bd4c5a8c93d132b09c22911634b6a86f166030b41011e8ab727
                                          • Opcode Fuzzy Hash: c76edbf63e82efc82e8c88cb5f4dfa3da6af168c97f023e689e3385bbeef1522
                                          • Instruction Fuzzy Hash: 7F313DB5F146069BCB14CFA4D99569EB7F2BF89300F10CA29E816A7350DB70AC46CB50
                                          Function 06590040 Relevance: .1, Instructions: 93COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4647891899.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_6590000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0197281c620aa6a58324ef93efc76fd2a4bbe852d82dd4ed8d10fa9957f02c4c
                                          • Instruction ID: 7d4fc40eae9b3e86288fd6bc8306343af92abf578986c19108a646af1e1d9d6f
                                          • Opcode Fuzzy Hash: 0197281c620aa6a58324ef93efc76fd2a4bbe852d82dd4ed8d10fa9957f02c4c
                                          • Instruction Fuzzy Hash: 893120B4E102168FDF50DF68D880AAEB7B5FF49314F50492DD105EB350EA39AD428B95
                                          Function 07042150 Relevance: .1, Instructions: 91COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a5f9202049294c1fa8b19a0fbe70649960e5aff12fa0c2331a8522c49a42dcb4
                                          • Instruction ID: 7ff6118e6f23fbdbdbb7d6ba06c7a586a183a374d4f5622c7bbdbe01b8f094f5
                                          • Opcode Fuzzy Hash: a5f9202049294c1fa8b19a0fbe70649960e5aff12fa0c2331a8522c49a42dcb4
                                          • Instruction Fuzzy Hash: B6312BB5F1420A9BCB14DFA5D99569EB7F2BF89300F10C629E806AB350DB70AC42CB50
                                          Function 07043C59 Relevance: .1, Instructions: 84COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 91362ab2086d14bd2542d88e01cc6b2cdd4996ec3fc236d3f1f5f3e57773815c
                                          • Instruction ID: 8615dfe9ed1ae041b681baa0b6a6ce2fb0d9e7daec4faa7530cdec8a81a8df18
                                          • Opcode Fuzzy Hash: 91362ab2086d14bd2542d88e01cc6b2cdd4996ec3fc236d3f1f5f3e57773815c
                                          • Instruction Fuzzy Hash: A2217CB5E012169FDB10DFA8E840AEEB7F6EB48210F108535E905F7380E739D9418FA1
                                          Function 07043C68 Relevance: .1, Instructions: 78COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b7c6203c58bd0ff8d413c3a0f4eee9f99a7c5f30026218b43bb8c4ab285405b8
                                          • Instruction ID: 32bb6520580524008f2e499953e9fed801d99c50aa2a1689e6cd0c38e5f8a487
                                          • Opcode Fuzzy Hash: b7c6203c58bd0ff8d413c3a0f4eee9f99a7c5f30026218b43bb8c4ab285405b8
                                          • Instruction Fuzzy Hash: 8A2169B5A0121A9FDB10DFA9E880AAEB7F1EB48210F108179E905F7390E739DD018F90
                                          Function 0133D3BC Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4613892419.000000000133D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0133D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_133d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d008dd12d518c390bf8c3dc84a71c5f939b054d5a6694668d5dbda5c6961a76d
                                          • Instruction ID: 95ed350affc929a6034ad0e6fefb26be977f4a1708b4e90d2fe2c6c14b7a9d9e
                                          • Opcode Fuzzy Hash: d008dd12d518c390bf8c3dc84a71c5f939b054d5a6694668d5dbda5c6961a76d
                                          • Instruction Fuzzy Hash: 562146B1504304DFDB01DF54D5C0B26BB65FBC4318F60C56DE90A5B292C77AE846CB65
                                          Function 0133D044 Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4613892419.000000000133D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0133D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_133d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3161804d0ef742e9e3853a9db4452d4a489b1d228f3318a0623e016a20e4c997
                                          • Instruction ID: d838dc7e652ad1afeedbcf4178f02fa9388dc9f96ee1d427e35ad5870b521c38
                                          • Opcode Fuzzy Hash: 3161804d0ef742e9e3853a9db4452d4a489b1d228f3318a0623e016a20e4c997
                                          • Instruction Fuzzy Hash: 202122B1504208EFDB11DF64C9C0B26FB65FBC4718F60C66DE9094F252C73AD446CA65
                                          Function 0133D20C Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4613892419.000000000133D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0133D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_133d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1441fa947939c5a09185ba8eeee4a7d2a529cb65735e89896bfb5701d75ee52a
                                          • Instruction ID: cc72c2673a814e38a76183234c0e27986af18ddc9a0fc37977465aa10f29c7ea
                                          • Opcode Fuzzy Hash: 1441fa947939c5a09185ba8eeee4a7d2a529cb65735e89896bfb5701d75ee52a
                                          • Instruction Fuzzy Hash: 4C212371504248DFDB01DF94D9C4B2ABB65FBC4338F60C66DE9098B646C37AD446CB61
                                          Function 070451C9 Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 326783d9702dea8ff34e36218e94e6e4835cd267790c46a4e625ef46eb312c57
                                          • Instruction ID: fe954b5f5444562b2c9e69d5f40fd9e61330ee1fb14460b6ae7b569b92abafd2
                                          • Opcode Fuzzy Hash: 326783d9702dea8ff34e36218e94e6e4835cd267790c46a4e625ef46eb312c57
                                          • Instruction Fuzzy Hash: B021A1B1A0070A9FDB20CFA9CD80AAFFBF2FB85300F104A2AE155D7641D370A815CB90
                                          Function 07046A98 Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4349d49d59be05a81f05f7d9882e662761ad604a2e05054ce75537de27322e3c
                                          • Instruction ID: c0be1c405a4a25c39e03a796a7bec7933effa6199499b335e2eca7e4e4485a2f
                                          • Opcode Fuzzy Hash: 4349d49d59be05a81f05f7d9882e662761ad604a2e05054ce75537de27322e3c
                                          • Instruction Fuzzy Hash: B321B1B1B001199FDF44DA69E4506AEB7F6FB85310F248539D406EB380EB3AED518BC4
                                          Function 0704EF27 Relevance: .1, Instructions: 60COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bb728d3a4755e85f886ee569260bead82199c5c80cff6760264384546ca30842
                                          • Instruction ID: e1dbf8d905223de353f70e80b0b2d853d3782c0ea81052a2dc16da36596076c9
                                          • Opcode Fuzzy Hash: bb728d3a4755e85f886ee569260bead82199c5c80cff6760264384546ca30842
                                          • Instruction Fuzzy Hash: 3F0128F67040114BDB65A67CD45476E67D6EBC9220F54853DF10AC7380EE15ED034392
                                          Function 07043FB0 Relevance: .1, Instructions: 59COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fa36759bd5c65bc536874b05346e965b93f4c21d679d5d7a8551e7d9b394f050
                                          • Instruction ID: 24248c439388e053825993de8b91595d293d0df26595825cd082046b8a6357a7
                                          • Opcode Fuzzy Hash: fa36759bd5c65bc536874b05346e965b93f4c21d679d5d7a8551e7d9b394f050
                                          • Instruction Fuzzy Hash: 8501F7B67000520BDB61957C841476BA7E7DBC9710F14893AF10AC7381DD66DC0343A1
                                          Function 07043D78 Relevance: .1, Instructions: 59COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f0fe320b08ec950d605531bc719746be4722bad5b03312cae97e04a21c98229a
                                          • Instruction ID: e9b24778942c64cc9bee9c0493702f89593ddd7a4afe9b9c9340ae60d5cfd263
                                          • Opcode Fuzzy Hash: f0fe320b08ec950d605531bc719746be4722bad5b03312cae97e04a21c98229a
                                          • Instruction Fuzzy Hash: FB116D76B101294BDF549A69D8146AEB7FAEBC9710F108639D407E7384EE29DC028B91
                                          Function 07043A30 Relevance: .1, Instructions: 58COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2b44062453d40ef0a1cba68dfd7bce61a09bc796da1a7643be54a9c1511ee3c2
                                          • Instruction ID: 4d4e12449dea50cb72da7f148a580014c57f1d82f99e66292fc884236dfb3bd1
                                          • Opcode Fuzzy Hash: 2b44062453d40ef0a1cba68dfd7bce61a09bc796da1a7643be54a9c1511ee3c2
                                          • Instruction Fuzzy Hash: CB21F4B6D01619AFCB00DF9AD984ADEFBB5FB48310F10812AE918B7310C374A954CFA5
                                          Function 07043D68 Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 925966179424e4a92204a2350f80dcc455a56a694c3b6a4a301eca1144ab32b9
                                          • Instruction ID: 3dd9317e180f6c00d1acce05e602718fa0167a757f56edad58317ba0018f8311
                                          • Opcode Fuzzy Hash: 925966179424e4a92204a2350f80dcc455a56a694c3b6a4a301eca1144ab32b9
                                          • Instruction Fuzzy Hash: 4501BCB2B110255BDB949A78EC257EF77EADBC8200F004539E40AE7284DA298C038BE1
                                          Function 0704A490 Relevance: .1, Instructions: 54COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ee6d8593570c5585b27d9f5e0b5857cd5919bac642a055d531cb0cbc5e12cf2f
                                          • Instruction ID: 0719d1e3972dafc0ab4caf25314a76c4222ab842640807b97a217b7c1e7bb54f
                                          • Opcode Fuzzy Hash: ee6d8593570c5585b27d9f5e0b5857cd5919bac642a055d531cb0cbc5e12cf2f
                                          • Instruction Fuzzy Hash: 610184F67010124FDB61966C9555B9F77E6E7C5710F10C939E00AC7340DA1AED428791
                                          Function 07043218 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2e69a6df6c5825156e50033232851e4572ce43849b14036aa7178d78010e12e3
                                          • Instruction ID: 5320605e543be3b5c9efa77bb1c272e163a9fe19a9be75b0120ee4388c6d0948
                                          • Opcode Fuzzy Hash: 2e69a6df6c5825156e50033232851e4572ce43849b14036aa7178d78010e12e3
                                          • Instruction Fuzzy Hash: AF0161B1E002299ACF54DFB9D9405DEF7B6EB89310F10967AD506F7200DA31D945CB90
                                          Function 0133D3B7 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4613892419.000000000133D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0133D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_133d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                          • Instruction ID: 39e7e88213f7914545035e29707b256a13ed03bc9f7b026b2eba0b96489fa289
                                          • Opcode Fuzzy Hash: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                          • Instruction Fuzzy Hash: 5211BB75504280CFCB02CF54D5C4B55BBA2FB84218F24C6AAD8494B256C33AE40ACBA1
                                          Function 0133D03F Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4613892419.000000000133D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0133D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_133d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                          • Instruction ID: 575a32ba3bb775e7c4f09e86af5bd731cd503b943f1c67fbe060c63d42b2c373
                                          • Opcode Fuzzy Hash: f5dd070f47a673dda7babee824c8441981cc2d376d27ad6ac8e2bf7ef2f1688d
                                          • Instruction Fuzzy Hash: AF11BB75504284CFCB12CF54C9C4B15FBA2FB84318F24C6A9D8494B252C33AD44ACF62
                                          Function 0133D207 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4613892419.000000000133D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0133D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_133d000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7446d2c010be365be41eb5dc0cb1b2bfcd5ded7fd4e3a0164d9a4b9e20566540
                                          • Instruction ID: 0d8f20353e4ed8a0ab6fa18b2db8cbb84a42dd0deff1b4565c43c57401b0a86e
                                          • Opcode Fuzzy Hash: 7446d2c010be365be41eb5dc0cb1b2bfcd5ded7fd4e3a0164d9a4b9e20566540
                                          • Instruction Fuzzy Hash: 3D119D76504284CFDB12CF54D5C4B56BB61FB84228F24C6AAD8494B656C33AD40ACBA2
                                          Function 07043A38 Relevance: .1, Instructions: 52COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 088c8fb0fa4164bfce605d7c1fef236f9a2933e93af630c41281910750661506
                                          • Instruction ID: 4304c65b08791588b60469e781f342c638e65d53f6b70f477aea73a2b3d5980f
                                          • Opcode Fuzzy Hash: 088c8fb0fa4164bfce605d7c1fef236f9a2933e93af630c41281910750661506
                                          • Instruction Fuzzy Hash: D911D0B1D01219AFDB00DF9AD884ACEFBB4FB48310F10812AE918B7240C374A954CFA5
                                          Function 07043FC0 Relevance: .1, Instructions: 51COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 33800a3c332001ce36ea0a1b3c2b75590fbbb4810788aad2f4b239144cf40c3a
                                          • Instruction ID: 66973c487d421b5536ce7a9d0d38b5650475251038998af247d495ff7c84e4f0
                                          • Opcode Fuzzy Hash: 33800a3c332001ce36ea0a1b3c2b75590fbbb4810788aad2f4b239144cf40c3a
                                          • Instruction Fuzzy Hash: 0901A4B57000164BDB64A96D945972BB7EBEBC9710F10893AF50AC7381DE66EC034395
                                          Function 0704EF38 Relevance: .0, Instructions: 49COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 53c99b71c96be24a50781677c1063dac00addd696b6d9bed474e62bcbf50653f
                                          • Instruction ID: 046de66878ef38f7f746d898199036e5ec76c537b5bceb88f1243d61b7184659
                                          • Opcode Fuzzy Hash: 53c99b71c96be24a50781677c1063dac00addd696b6d9bed474e62bcbf50653f
                                          • Instruction Fuzzy Hash: ED01AFB57004164BDB64A67DD45472FA7DAEBC9620F548939F10AC7380EE66ED0343C1
                                          Function 0704A4A0 Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 457d778947b5e4ecd7cb1e2e0320ef053063e455a0eeb9828b5fea762c457f60
                                          • Instruction ID: 431c5a47d6423a8bccbe24eea97d5c5ef1b54de29ed88ae9e5ba40ecffef5435
                                          • Opcode Fuzzy Hash: 457d778947b5e4ecd7cb1e2e0320ef053063e455a0eeb9828b5fea762c457f60
                                          • Instruction Fuzzy Hash: B3013CB57000165FDB609A6CE555B6E73D9EBC9724F10C938E10ADB740EE2AEC428791
                                          Function 0704C968 Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a7800815b51acaee060601e88c19e5dbea4a195d268c4c099902756221508a7b
                                          • Instruction ID: 40b8fbe8cd3264e30f42b33a5b6df515e36965ee7a09308b8403e49d191f2426
                                          • Opcode Fuzzy Hash: a7800815b51acaee060601e88c19e5dbea4a195d268c4c099902756221508a7b
                                          • Instruction Fuzzy Hash: 7D0128B2B11229ABEF14AE69EC40A9EB775F7C5354F00453DE901EB340DB36AC0187D4
                                          Function 06590248 Relevance: .0, Instructions: 34COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4647891899.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_6590000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f6be8137d6b08b007c6129dab8790e1147f9f66ca0eb902c008a79de8c79fd58
                                          • Instruction ID: 733bf4707f989727a1a261efad5ce4b1cfc8428772618b0b9be9f35d3a342255
                                          • Opcode Fuzzy Hash: f6be8137d6b08b007c6129dab8790e1147f9f66ca0eb902c008a79de8c79fd58
                                          • Instruction Fuzzy Hash: DCF0E7B4D0525AAFDF54DFA9C841AAFBFF8BF08200F1088A9E554E3241DB709505CBE1
                                          Function 070461F8 Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aa4d49f2892ccd9ee4f0b14448ce7742109d1c2d8c8fe539e3abdbaf6e33dc6b
                                          • Instruction ID: ba6c03c726287689f51a5f0469bb58ae6ecf19151462b69e53825f670eae86f7
                                          • Opcode Fuzzy Hash: aa4d49f2892ccd9ee4f0b14448ce7742109d1c2d8c8fe539e3abdbaf6e33dc6b
                                          • Instruction Fuzzy Hash: F0E09BF19052466FDB11CBA4DB4479B77AA9742204F1045E6D405DB141E136CA064392
                                          Function 06590258 Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4647891899.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_6590000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9012a49ff62632ebd95b8ee67414d3d33606a89bcf21c7d23fd802d69ea9ef92
                                          • Instruction ID: ddce385e08fda377feb897cdd8fc6d36b5bc541bd56e07f0bcf593cfd6f91c5e
                                          • Opcode Fuzzy Hash: 9012a49ff62632ebd95b8ee67414d3d33606a89bcf21c7d23fd802d69ea9ef92
                                          • Instruction Fuzzy Hash: 77F0DAB0D0420A9FDF94DFA9D841AAEBBF4BB48310F1089A9D918E7240E77095048FA1
                                          Function 065901F0 Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4647891899.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_6590000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 68bac4ba2e83543cbda053415213205b5e934da5cd8ecec57ba5763e62724893
                                          • Instruction ID: cc6d7213f9f3895dae0df1276e5b12d1b5de97add56bbaea817840bdea27bfa2
                                          • Opcode Fuzzy Hash: 68bac4ba2e83543cbda053415213205b5e934da5cd8ecec57ba5763e62724893
                                          • Instruction Fuzzy Hash: 2BF01C748012199FDB50DFB9C954A9BBFF5FF08600F2088A9D4A9D3252D7709505CFA1
                                          Function 07046208 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4653809761.0000000007040000.00000040.00000800.00020000.00000000.sdmp, Offset: 07040000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_7040000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8f7bd6825e0648ee9f6c58fa012b6872b1e8c3abeec3551e43721e9dfe40903b
                                          • Instruction ID: 8d348df34ea09d05d573a479799bace623f08cf49cb9a7019593c969420ece46
                                          • Opcode Fuzzy Hash: 8f7bd6825e0648ee9f6c58fa012b6872b1e8c3abeec3551e43721e9dfe40903b
                                          • Instruction Fuzzy Hash: 35E08CF0E0420AABDF20DAA4DA0575AB6EDD702208F2089B5D808C7200F273CA018381
                                          Function 065902F1 Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4647891899.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_6590000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2dbe89c6722a5b7c31e5aae5139cc18e87a0f986bba108fcd453d4e46f8cdc93
                                          • Instruction ID: 9cf37da636ee2e1537e58118fa3f74a62dfc1604c36d0fb9598184b51face974
                                          • Opcode Fuzzy Hash: 2dbe89c6722a5b7c31e5aae5139cc18e87a0f986bba108fcd453d4e46f8cdc93
                                          • Instruction Fuzzy Hash: C3D05E361542486A8B51EFA1AC40DA3BFEDAF50A00700846AF98486461DB12E468E7A2
                                          Function 06590200 Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 0000000D.00000002.4647891899.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_13_2_6590000_Logon32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f5672234da27dffd906f1cf1b8f5baea028a54f86bbee6128cab7d1749a77ba6
                                          • Instruction ID: 0280b7ebca3b83a6c40cd71748e3d92600388da2d3addeb883e781797c33374f
                                          • Opcode Fuzzy Hash: f5672234da27dffd906f1cf1b8f5baea028a54f86bbee6128cab7d1749a77ba6
                                          • Instruction Fuzzy Hash: 3AE0B6B0D4020ADFDB80EFB9C905A5EBBF0BF08704F2189A9D019E7251E7B49604CF91